Video: CloudBees Unify: The Day-One DevSecOps Control Plane | Duration: 2708s | Summary: CloudBees Unify: The Day-One DevSecOps Control Plane | Chapters: Welcome and Introduction (26.91s), Introduction and Welcome (52.190002s), Introducing CloudBees Solution (258.32s), Complexity of AI Integration (494.28s), Compliance Challenges Recap (670.745s), Introducing CloudBees Unify (869.855s), Unify's Integration Approach (1172.92s), Conclusion and Demo (1244.5549s)
Transcript for "CloudBees Unify: The Day-One DevSecOps Control Plane":
Hi, everyone. Thank you for joining us today. We're gonna give one or two more minutes for folks to join. And as people are logging in, I want to encourage everyone to ask as many questions as you have. If we're not able to address them during this session, then we will be sure to follow up right after. Alright. I think it's time we have quorum. Let's begin. So welcome, everyone. Thank you for joining us today. If you've ever been paged at 3 AM in the morning just because your list broke in production or spent half of your week hopping between Jenkins, GitHub, Jira, and maybe half a dozen other tools and dashboards just to figure out what's going on, then you've come to the right place. These are just a few of the headaches that a lot of teams that we talk to on a daily basis deal with. Slow releases, too many tools, constant firefighting just to keep delivery on track. So whether you're leading a small team or running engineering at enterprise scale, these pains are part of your day to day. And too often, it feels like you have to choose between two bad options in order to mitigate that, to fight that chaos or to move from chaos to clarity. You're often either looking at patching everything together with duct tape, with brittle scripts, just trying to make it through another day and hope everything works and holds up, or considering a very lengthy and long replatforming or platform migration project. And so in today's webinar, we're gonna talk about this being a false choice that you don't have to take, and we'll be talking about the alternative to that. And with that, I wanna take us a little bit to the beginning of CloudBees. CloudBees was founded in 2010. And at the beginning of our journey, we were dealing with the level of complexity and fragmentations of not only tooling, but environments and teams way back in the day of Jenkins enterprise needs.
And this is how we started our journey and transformed how developers built at that time focusing around the CI/CD elements of the stack. Today, with the AI agent, everything that's changed seems, we are looking to transform how software delivers itself. And, yes, the agentic AI reference is intended. So we talked about the complexity and fragmentation that causes all the pain points in the first slide. And I just wanna call out that if you're already struggling with this now, adding AI into the mix really amplifies a lot of the problems that have already been there. And so CloudBees is here to change all of that. It's a leading DevSecOps solution for organizations modernizing their delivery, whether you're adding AI or whether you're bridging legacy systems, and maybe you're trying to do both. We want to enable teams to innovate securely, intelligently, and on your own terms and your own pace. So we've created this open and flexible and AI ready solution that helps your organization deliver better software faster and with confidence. A little bit about me, one of your hosts for today. My name is Shelly Issel Liebne. I joined CloudBees about a year ago, and I lead several of our go to market motions. I work closely with customers and the community and our product teams to help simplify how software gets built and shipped. And today, I'm really excited to show you CloudBees Unify, what it is, and how it works. And with me today is Mark. Mark, take it away.
Hi, everyone. Good morning, afternoon, evening. My name is Mark Maxwell. I'm a principal sales engineer here at CloudBees. I've been here a little over two and a half years, and I help work with customers to align some of the, you know, problems that they're facing with the solutions that we offer. And I'm excited to kind of take you through some additional information about what we have and then the demo, which includes some of our features within AI.
Thank you so much. Thank you for being here.
So before we go on, I just want to briefly go over our agenda for today. We're gonna start with some market trends that we're seeing. We're gonna talk about the CloudBees Unify solution, what it is, then we're gonna spend most of our time today in the product with Mark. And then lastly, we're gonna end with the next steps. And with that, I wanna start off with going over the exact same trends we started this session with. And I like to start my mornings, I don't know about you, Mark, with a bold statement. And the one I chose for today is that software delivery is losing control, and it's doing it really fast. And we've identified three main forces or triple threat as I like to call it that are all coming together these days creating the perfect storm out there, pretty much breaking any DevSecOps model out there. So I wanna quickly breeze over these and then really curious to hear from you, Mark, what you've been seeing in the field. And so I don't think you can go anywhere today and talk about software delivery without mentioning AI. It's here. It's here to stay, and it's already transforming everything we're doing. But in the context of that complexity and fragmentation that we talked about, we're seeing code generated faster than teams are able to either govern it, make sure that risk has been tested and eliminated. And really, to be honest, it's being generated faster than the value it provides. This adds to that complexity when we talked about tool fragmentation. And tool fragmentation can be the result of, again, having either a robust organization that was patched over the years by acquiring or merging with different teams, who brought in different capabilities and systems. But it can also be just your team being really adamant about getting the best-of-breed tools out there, really wanting the best tool for the job.
So whether you are dealing with tool fragmentation from that reason or the other, the reality is that shipping and building software these days requires a lot of tooling. And then on top of that, the trend that we're seeing is that compliance requirements, security requirements are not going away. They're actually here to stay and accelerating as well in the variables of timing in terms of how often and how many organizations are having audits today and meeting the most strict security requirements, especially if you're working in a highly regulated industry. And so it's really where all of these come together, that CloudBees Unify or the solution that we're looking to talk about today helps these teams unlock the value of the teams and the tools and investments they have in place while being able to continue being secured, compliant, and governed. Mark, I wanna take it over to you to see what you've been seeing in the field.
Sure. We have conversations with our customers all the time. Everyone's trying to chase a new thing. They're talking about AI agents, cloud native development, generative AI, MCP servers. And it's, you know, under the hood, things are really getting messy and they're asking for direction, asking for help. I mean, you've got disconnection between the tool sets, between the pipelines, between the teams themselves, and it's really difficult to manage. And then like you had mentioned, the addition of audits. Audits popping up and it could be on a quarterly, monthly, or annual basis. This just adds complexity to understanding the context of all of the different data, processes, and tools that are in place for organizations. And, really, it's not just a DevOps problem or DevSecOps problem anymore. It's an organizational one. And that's where we're leaning in and working to develop and explore some of the newer functions and solutions within Unify to the market.
Yeah.
I completely agree. And I completely wanna double click on what you said there around this is not just a DevOps problem, and this is a good segue to some of the numbers I've curated for today's discussion. Kinda talking about what's the cost of doing nothing or the cost of letting this fragmentation and the current strategy and architecture you have in place just continue as it is. So we can already see the impact that complexity of tooling and fragmented tool chains have on developer productivity. It's the context switching. It's chasing reports, secrets, credentials, what have you. And then on top of that, you can see that adding AI on top of it or AI that is anyway here and is already being practiced usually in silos in the different organizations that we talk to is starting to gradually, I wanna say, even exponentially grow the technical debt that some of our customers are facing. Mark, when it comes to meeting with the field, what is your observation there?
Right. You know, the irony is AI was supposed to simplify things, but it's not what we're seeing. It's just the opposite. Teams are moving faster, but visibility, security, consistency, they're just not keeping up. It's like slapping a turbocharger on a car, but you didn't do anything about the brakes. You know, until you can really combine, unify the delivery system across the entire tool chain, you know, you're speeding towards bigger problems that the organization is just gonna be having to fight.
Yes. Yes. And, by all means, if you have other observations or questions about it, feel free to put them in the chat. I'm just gonna quickly go over again the compliance challenges that we see out there in the market. This is from the 2025 survey talking about 60% of the big shops getting audited over this year. Most of them had to scramble last minute, and there's a cost to not being ready.
There's a cost for doing everything manually, and there's a cost to really trying to bring all of that together last minute. Mark, what is your take on this?
Unfortunately, compliance is often a fire drill for organizations. You know, and it just shouldn't be that way. With all of the tools and what we've known with regards to the requirements around compliance, it, you know, we should be better at it. And, you know, when your tool chain is fragmented and your policies are on multiple different places and, you know, organizations are coming to us. It's a catch up game for them. It's an afterthought, if you will. They know that they need to be able to comply with compliance. But it's that need, but it's that lack of simplifying the collection of evidence and to be able to reproduce it when asked by the auditing authorities.
Yes. Thank you. I feel like, again, I said the perfect storm last time, but as we are recapping this part of the program today, I keep thinking about the butterfly effect. Like, you have all these different levers and you cannot touch or accelerate one of them without kind of accelerating the rest or at least strategizing about how to make sure they keep up. And this actually brings me to the other discussion or trend that we're seeing in the market. When we talk to our community, when we talk to customers and prospects, and asking them how they're currently mitigating all these fire drills and all these pain points or what are their thoughts about the future, we usually come across one of these two options or choices as I call them. One of them is, again, trying the duct tape, using manual brittle scripts, using more manpower to try and manage and keep up the system. Some folks that I'm talking to even show me how they're using AI to help in creating these scripts or architectures. But, again, their level of confidence in this not going off the track is very low.
The other approach that I'm seeing out there is folks considering to just rip and replace their existing investments, their existing workflows, tooling, in favor of migrating everything to a new platform that, again, the promise there or at least the thought behind this kind of platform is to be able to address all of these gaps and all of these pain points by offering the different stages of software delivery in a single place. However, when we've surveyed around 300 tech leaders about their experience with platform migration, we learned about 85% of them making the choice between the two that we talked about. Only 25 seeing the expected return on investment that they were thinking of going into this. You can read the numbers off the screen, but what I really wanna say here and stress that we will be sending this report in our follow-up email after this webinar. And what really stood out to me is, again, there's this gap between expectation or the thought leadership of best practices of how to approach this problem and this chaos, and then there's reality. How long does it take? I think it's really different for each organization. It really depends on where you are, where you wanna go. But, ultimately, looking at the numbers and learning that 75% of those 300 tech leaders found that meeting their security needs is becoming harder, it's just eye opening, and really kinda makes you think around what should be the strategy for scaling or modernizing DevSecOps these days if this is what ultimately happens to the majority of the organization trying to migrate. So I want to introduce us or I want to introduce you all to CloudBees Unify. And so this is a good segue to introducing you all to CloudBees Unify. We refer to it as the ultimate, most open, flexible, AI ready, DevSecOps solution out there to help teams who are experiencing all of these pain points without forcing them into that false choice we just talked about.
It's bringing together the four core stages of software delivery, build, test, deploy, and secure, and they're all in one place without asking you to rip and replace anything. And the key part is whether you have Jenkins, Tekton, GitHub Actions, using multiple scanners, using Jira or other tooling, you're not asking your developers to then retrain and start learning either new tools or learning new processes. And you are not risking the business that you need to run at the same time because usually in migrations, they do not happen in a vacuum. You have to keep the business going, keep innovating, and then do them at the same time. So you can plug in any source code manager and any ticketing system and even any AI agents, like Mark will show us in a few minutes, that your teams are experimenting with today. And on top of all that, Unify adds a horizontal AI powered automation and visibility layer. DORA metrics, flow metrics, the board has a question. You don't have to scramble and try to stitch multiple dashboards together, that were never designed, by the way, to fit into the same data model and provide you with a single pane of glass. It connects all the data from all your pipelines across all your tools, and it gives your teams, be it actual developers, practitioners, managers, or even leaders and execs, a single pane of glass that you can use to answer any questions that you may have around efficiency, around problems, around issues you can monitor, govern, even orchestrate multiple pipelines from the same control plane, from the same surface. And the MCP server allows developers and platform teams and even AI agents interact with pretty much anything in CloudBees Unify. Anything a human can do, an agent can do.
But the difference with CloudBees Unify is that it was designed from day one to make sure that whether you're using an LLM or an agent, they are not only governed by the strictest enterprise requirements, they are also fed, so to speak, with the most context rich, clean and governed, end to end software delivery life cycle information so that they can make the most accurate decisions, create the best solutions, and really deliver on that ROI that everyone is looking to get. So in short, Unify doesn't just integrate your tools. It connects them intelligently, turning that fragmentation of delivery into a coordinated and secured and traceable flow, whether it's compliance, whether it's trials trying to figure out what's going on, where the problem is, and transforming all of that developer toil into a strategic acceleration. So I'm gonna just walk us through one last customer quote before we get into the demo. So we're almost there. And that customer quote is by one of our customers, Synaptics. And it's really here to show the difference in CloudBees Unify. A lot of companies don't have the luxury to start from scratch. They already have the tools and the processes that work for them. And Unify doesn't ask you to rip anything. It sits on top of what you already have, connecting it all together into a single data model, which is key for any AI ROI later on and brings consistency, security, and visibility across the board. And that's why this message resonates so strongly either with enterprise teams or teams of any size that is dealing with the pain points of fragmentation because it's about helping this work. It's about progress and not disruption to what's already working. And with this, it is demo time. Mark, feel free to take it away.
Alright. So to take you through the demo, I kinda wanted to add some context with someone that you can possibly have a connection with or understand you've been in their shoes.
And, you know, this is Alex. He's a platform lead, and, you know, he's stuck between chaos and control. I'm sure we all have been through that. And, you know, he's the platform engineering lead for a global enterprise. He's got over, you know, 50 plus applications, hybrid environments. It's just, it's a bowl of spaghetti, if you will, of different tools, different processes, different teams that he has to manage. And he has some key goals he wants to look at, you know, we'll use the balance of governance, compliance, and delivery velocity of the software. How can we make sure that what is being developed is properly being tested and is getting out on time? You know, there's always pressure to modernize. How can you bring in new tools that will actually benefit the developers, make them more efficient, improve just their day to day, and then ultimately, it adds business value. And then managing complexity at scale. You know, organizations are recognizing that, you know, software is eating the world. Everywhere you look, everywhere you go, software is embedded in everything. And, you know, Alex and his company is no exception to the rule. You know, Alex's days is typically what it looks like. Some of you may be looking at this and empathize with him wholeheartedly. You know, 09:00, you got a build that fails, and then you got this scanner storm of vulnerabilities that are identified. Then for some reason, a release was blocked because, you know, the approval wasn't done in time in the deployment. And then, you know, it's 6PM, and he finds out the next morning, oh, by the way, we're going to have an audit. And, you know, we'll have to divert the team from doing what they're supposed to be and helping the auditors come through with it.
So with that, I'm gonna go ahead and switch over my screen and bring us into Unify and take you through some of the things that Alex looks at, and give you also an idea of some of the benefits that Unify provides and the challenges it helps you overcome. You know, it all starts with Unify coming in here, but it's the control plane. And within the control plane, it's an understanding of, well, all of the different tools that you have in place, the environments, how the integrations set up, how are they being managed, are they being inherited, are they native to that organization or sub org. And this is where Alex would look when he has to have an understanding of, well, you know, what are the current, for instance, here, the secrets and properties that I have. And then ultimately, you wanna look at the different integrations. Well, you know, he knows he has Jira, and he knows he has a golden demos environment where he's able to run some tasks, and he has an ECR demo environment that they're just starting to build up for those integrations. And then ultimately, he knew that, well, if he needed to build up a new integration, what would it look like? He knows that he's bringing on another company that they just acquired and, you know, they have, you know, a GitHub app and this is where he would go in order to build out that connectivity, create that integration, then have connectivity into that org. But then he also has to look at other organizations themselves to make sure their environments are set up. And then ultimately, a big thing is going to be focused with communications. So for that, he's gonna go to the parent org and he's gonna look at notifications. And it's within here, he wants to make sure when things occur and things happen, teams are gonna be notified real time.
So he can see that, well, what we use Slack, so we can set up a Slack channel so that if anything happens within well, let's look at the individual environment. Well, within our prod environment, that would be a really good idea to have those that would be part of supporting the prod environment, and then if anything going wrong would be notified. And it's from there, you can create the channel name, the description, and he knows he would have the webhook URL for his install of Slack contained there within the team. So that's a big piece of that. But then, you know, his team really wants to use GitHub Actions. And there are integrations between GitHub Actions, but then also he has the ability to build out his own actions, copy actions, if you will, and tie those into his workflows, his release orchestration, and have full control and visibility of what's occurring, when it's happening. And if changes need to be done, he has the control to go in there and update and edit these. Now one of the things that Alex has been concerned with is the security scanning. And he has been notified by security that some of the new tools that they've introduced aren't always being triggered within the pipelines. So security is now mandated as a governance framework to have implicit scanning. And what implicit scanning will do, well, that allows, one, to take that out of the hands of the developers themselves. They don't have to think about that. But, two, it's a framework that now security controls and allows them to work with some of the scanners that they require and turn it on as far as an implicit scan to view vulnerabilities within the components or the repos. Now one of the requirements was, hey. Well, when you go ahead and connect a repo, that is the initial scan. And we wanna do it in a way that it doesn't affect the developers, as I said before. So here I have a repo, and I'm going to pull it into Dan Maxwell organization.
And I'm gonna go ahead and connect that repo. And we can see right away, it's populated here, starting to pull in information. We're gonna look at runs. We can see that a new implicit scan has been started. And within this scan itself, it's going to run all of those different scanners that we had shown earlier automatically. And then over here, this evidence is gonna start to populate. And that is one thing that will be much easier when it comes to the audit time to look at. But you can see all of this is automatically happening. It's nothing the developer needed to do. So we'll go ahead and let that run and populate, fill things out. But he knew that he had to take a look at some of the other repos that have already had the scan done. And some of the problems they have, again, extended through security is the vulnerability piece of it. They normally have to go out of this, export it to a specific Excel document, and then from there, they would triage it. But thanks to Unify, it's collecting all of that data. It's your centralized location for all things happening within your software factory when you have those integrations tied in. We can look at the security overview. We can see the findings, but this is where his team normally spends at least three, four hours on a Friday doing it. And this is a simple triage. And this is where he can see right away. You can see the vulnerabilities that are identified, and then you can go through the triage process. Something that's built into Unify and it's native. And again, you can tie this back to the vulnerabilities identified by vulnerability. You can tie this to notification to the teams that are responsible for actually working on these. And then this one will be fixed as required. Puts this for a triage, and it's done. It allows his team to now focus on the next task that they have in front of them, and the fix required, this is where the team knows this is the bucket they go to.
Additionally, you can tie this directly right into Jira. Again, that control plane allows you to pull all of the different tools and visibility into Unify, and then it allows you to minimize the context switching. Another piece that Alex has to look at and to focus on is his releases, his applications themselves. And he wants to make sure that the runs that are occurring, the deployments themselves, have the correct approval gates in place and they're actually taking place. So we can see that the run has started, and you can see over here the job log. It's starting to collect that data, starting to collect the information that you would need for that audit. Step by step, he knows it's going from one to the next. And then here, you can see it's starting to gather the evidence. And now it's done with the evidence, and we can see here, it has now produced that within this individual deployment. Lists all the repositories, everything that the auditor is going to need and also has the ability to export it. The quality checks are in place, security, the required gates are being adhered to. Everything that he wanted to look at and that he required in the job log has the additional connectivity into Jira setting up the workspace. Everything went through that it needed, added the comment, and now we're waiting for the approval gate to actually trigger. And this is what he was looking for. He wanted to make sure that part of the release process that his team was ensuring that they had a manual process piece. This was the first step. The next step, additionally, that they would wanna look at is how you can have automatic release gates and approvals based upon specific evidence. So with this, I will approve it and move on. Does the callback to the system. And then the set up and deploy to QA has started. Additionally, as with evidence, there's always gonna be the requirement to look at the audit history.
So we'll look at some specific time frames just within the last seven days. He wants to look at a specific code change that he was looking for, and he can find it here within the details of the deployment. He can then look at the diff between what was currently in place and what was changed for another part of the audit process. The auditor wanted to know exactly, well, within this code base on this date, this specific change was done. Show me the before and show me the after. So, again, all of that is held within Unify without having to hunt it down across multiple systems, databases, service logs. It's all contained here. And as I said before, one of the things that we look at is the connectivity of so many different CI/CD tools. And one of which is CloudBees Jenkins itself. So organizations that already have an on prem instance or a VPC instance of Jenkins and want to garner the benefits of Unify without necessarily having to change your own enterprise for requirements such as a legacy system. And that's where the Jenkins Management plugin comes into play. It allows you to connect your controllers on prem or wherever they are to Unify, and you're getting that additional context and information around your controllers themselves, telemetry based off of dates. This one as simple as the version of this controller, the plugins, you can look at the usage pattern. If you have the longest running jobs, all this information can be available here within Unify. Alright. The last thing we wanted to cover is how Unify has implemented its own MCP server that allows you to extend some of the agents and other tools that you may be using in your software factory. Now here on the screen, you could see this is where a number of vulnerabilities were identified within one of the repos.
The developer was sifting through and, you know, going through his triage process, but there may be situations where you want your developers to stay within their IDE and to use some set of tools such as AI, natively without having to change context windows. So here we have my Visual Studio. And within here, I have started my Amazon Q, which is my extended agent. So I also have connectivity into my CloudBees MCP. And then from here, developer's going through his work, and he wants to kind of get an idea of what's happening within the repo that he's working on. And he's basically gonna start with the organization level. So I have some quick prompts a little bit quicker than I can go ahead and type. And it's going to go ahead and first ask me well, I want well, I wanna ask it, how many repos are in this specific organization? And it's going to ask me a couple of prompts with regards to authorization and trust to make sure that it has permissions in order to look at Unify and then, by extension, the org and then how many repos are connected within there. And it goes ahead and tells me, well, I've got 37 repos. But, you know, I really wanna know and understand within my specific repo, what kind of vulnerabilities am I looking at within this overall organization? Same two trust prompts. Now, you may go ahead and have the option to allow the prompts automatically. I kind of like to go through it and go step by step to make sure that I'm just kinda double checking an extra set of safeguards and guardrails, if you will. So it's gonna come back and tells me, oh, well, I've got two vulnerability issues, zero medium or very or low or very high. Last time it was scanned was the seventeenth. Now what I need to do is also double check, well, you know, are any of these beyond the SLA breach time? And, you know, I'm not having to go back and forth into Unify.
I can stay within my IDE where I'm doing most of my work, and I can see right away, well, of those vulnerabilities that are identified, which are the ones that have been breached of the SLA or going to be breached. And right now, they haven't been reviewed, and the vulnerabilities are due December 22. So I've got some time to get in here and remediate these before I breach that SLA, but I also want to, you know, work with the agents and the tools that I have already natively. And it's like, well, what are some of the best practices and best ways in order to get in there and resolve these vulnerabilities? Not that I'm asking for it to actually fix it for me, rather, I'm asking for it for some of the preventative measures, best steps that I should look at first in order to resolve these and, again, get them done before that December 22 time frame. And right away, it tells me a couple of examples. One, it tells me to, you know, for the Docker vulnerability, you know, how to not use a non root root user. Second, it tells me about health check instructions. And then from here, just some additional steps that I can take. But, again, this just emphasizes how the extension of Unify as a control plane is in all of your different tools, but then brings it back using that singular context of because of Unify having visibility of all the tools within your tool chain, including the repos themselves.
So thank you again, Mark. This is a quick overview of all the elements that Mark has taken us through today from the ability to see end to end software delivery processes across tools, teams, and environments, how you can proactively and automatically collect evidence and govern and make sure people are following best practices, how all of these are coming together to make sure that releases are on time and are disrupted.
And, also, the last demonstration around the MCP server really shows how easy it is to onboard new developers to Unify, letting them communicate with the different modules in natural language through their IDE. So thank you again, Mark. If any of you has any questions around how you can start trying any of these capabilities today, please reach out to our team, and we will be happy to assist. And from here, I really wanna ask, wanna take us to the end of our session today. So if there is one thing you will take away with you today, please let it be that with CloudBees Unify, you don't have to rip and replace your existing best of breed investments, the tools and processes that your developers already know and love. You can actually address the chaos that you're experiencing and the pain that you're experiencing with an integration approach to creating a solution that unlocks the visibility, governance, security, and even modernization that you need. Mark, is there anything else you wanna add?
Sure. You know, at the end of the day, it's all about building software faster, safer, and smarter. You know, CloudBees Unify helps you get there. It connects all of your tools, your people, your data itself. And, you know, just as you said, it's not the rip and replace. It's just better flow, real results. And, you know, if you wanna see how Unify can fit within your environment, please reach out. We'd love to show you how and what it looks like in action in your environment.
Wonderful. And with that, we've reached the end of our webinar. Thank you all for joining us today. We will be sure to follow up this session with helpful links and recording, and we are looking forward to continuing this conversation. Have a great day. Thank you so much, Mark.
Thank you. Have a great day.