The Future of DevSecOps with the CloudBees Platform—An In-Depth Look

Written by: Hope Lynch
5 min read

We made a big announcement today, the availability of the new CloudBees platform! In this blog, we will set the stage for why and how we developed the CloudBees platform by describing the two types of applications that dominate software delivery today, the challenges DevSecOps teams face and, finally, the way the CloudBees platform was architected to address those challenges. Let's go!

Today's digital ecosystem is buzzing with a myriad of applications, each with distinct characteristics and requirements. Two prominent types dominate this ecosystem: cloud native and traditional applications. Addressing the unique DevSecOps requirements of both these applications is crucial, and this is where the new CloudBees platform shines.

The Dichotomy of Modern Software Applications

Cloud Native Applications: These applications, born in the mid-2010s, have been propelled by the rising influence of public cloud infrastructures, Docker container technologies, and Kubernetes management platforms.

Traditional Applications: Encompassing a range from applications deployed in application servers to non-containerized applications deployed to traditional server infrastructure these are the software world's current stalwarts. Some are transitioning into cloud native applications, while many retain their original forms due to unique non-cloud native use cases.

Both categories have longevity, though their proportions might evolve.

DevSecOps Challenges

The CloudBees platform stands at the intersection of cloud native advancements and traditional application legacies. It promises a cohesive, unified experience from code commit to deployment. Envision a realm where developer experience and productivity harmoniously coexist. This isn't just a tool—it's a culture.

Enhanced developer experience remains a constant across cloud native and traditional applications. 

As Jim Mercer, IDC Research Vice President DevOps and DevSecOps, articulated:

"Developer experience, security, and efficiency often conflict with DevSecOps, and too much complexity shifts onto developers. Solutions such as the new CloudBees platform, which combines cloud native tools like Tekton-based pipeline automation and a graphical workflow composer, can pull these workstreams closer, creating a paved path for developers to innovate more securely." 

This accentuates the responsibility on platform engineering teams to provide an uninterrupted self-service experience for developers.

CloudBees: Bridging the Gap

CloudBees offers a tailor-made solution for the distinct DevSecOps demands of both application types. 

The CloudBees platform helps developers efficiently handle Kubernetes deployments, powered by Tekton with an extended actions syntax. 

Spike Washburn, engineering leader at CloudBees, explained: 

"We talked about should we adopt something that already exists, such as Tekton, a Kubernetes-centric YAML language for describing automations running in a Kubernetes cluster? Or should we adopt something closer to a GitHub Actions DSL for ease of use? Our choice was to create a DSL that is closely aligned to GitHub Actions, yet provides the power of Tekton while abstracting away the complexity of Kubernetes. In doing so, we provide ease of use for all developers, even those who aren't Kubernetes experts."

CloudBees ensures existing tool investments remain intact while boosting deployment capabilities for conventional environments.

The DSL From CloudBees

The new DSL simplifies the creation, assessment, and repurposing of workflows for all staff, regardless of their coding proficiency. It's harmonized with actions from other vendors, but it's not a keyword match. A powerful action library enhances its GitHub Actions compatibility and facilitates powerful reuse mechanisms for both existing and custom-made actions. The platform's usability is not limited to the actions library. Users can easily integrate or modify workflow templates via a visual editor in the CloudBees platform.

While CloudBees maintains a strong bond with Jenkins and offers connectivity, its platform is fundamentally constructed using Tekton to dispatch jobs to Kubernetes, meaning Jenkins is not required for job execution or orchestration. However, CloudBees platform can still orchestrate Jenkins, CloudBees CI, and other DevOps tools in hybrid environments.

CloudBees platform encompasses workflow and actions DSLs, simplifying the creation of fresh pipelines and jobs. These DSLs share multiple parallels with other tools, including the structure and several keywords. Replication of actions you are currently using becomes straightforward using the inherent actions library or tailored scripts.

A notable distinction between CloudBees platform and other tools resides in action execution. CloudBees utilizes containers, offering enhanced workflow state support due to its dependency on containers and Kubernetes.

The CloudBees Advantage:

  • Cloud native workflows: Leveraging the intrinsic Tekton-based system of the CloudBees platform.

  • External CI/CD workflows: Orchestrating eminent tools like Jenkins, CloudBees CI, GitHub Actions, and more.

  • Hybrid workflows: Blending the best of both of the above.

  • Jenkins-centric workflows: Expected by 2024, there will be Jenkins-integrated workflows within the CloudBees platform

Organizations can cherry-pick from these, aligning with factors like application types and their modernization vision.

CloudBees platform is a pioneer in addressing the evolving DevSecOps challenges confronting organizations. Catering to both cloud native and traditional applications, it ensures organizations glide through the digital domain with agility, security, and efficacy.

Today, we celebrate the CloudBees platform, but we’re even more eager for tomorrow. Our journey is about evolving, about looking ahead, and ensuring we're not just meeting but anticipating your needs.

The CloudBees platform isn't a one-size-fits-all solution, because no such solution truly exists in the diverse world of software delivery. Instead, we offer a spectrum of use cases, adaptable and moldable, to ensure that every organization, irrespective of its unique landscape and vision, finds its perfect fit. The future of DevSecOps is not just about innovation; it's about tailored innovation. 

Welcome to the future, powered by CloudBees. Take a leap, see the difference, and let’s craft the future of DevSecOps together.

Stay up to date

We'll never share your email address and you can opt out at any time, we promise.