Release Update 06/06/2025

SDLC

Introducing GitHub Advanced Security Native Integration

GitHub Advanced Security (GHAS) is now natively integrated into Opsera pipelines. The integration is designed to provide centralized management of GitHub configurations via Opsera’s Tool Registry and is supported exclusively for GitHub-hosted repositories.

What’s New?

  • Native GHAS Pipeline Step

    • Drag-and-Drop Configuration: Add GHAS scans (CodeQL, Secret Scanning, Dependency Review) as a step in Opsera’s Pipeline.

    • Scan Customization: Select specific scan types, define severity thresholds, and set branch-based execution rules.

  • Centralized Tool Registry Management

    • Register the GitHub tool in Opsera’s Tool Registry using GitHub API credentials.

    • Environment-Specific Policies: Apply distinct scan policies for Dev/Prod environments.

  • Consolidated Security Reporting

    • View aggregated results, including vulnerability severity distribution, exposed secrets, and outdated dependencies.

    • Get one-click access to GitHub’s native security tab for detailed findings.

Limit Addition for Liquibase Catalog Handling

A new configurable limit has been introduced to control the number of catalogs that Liquibase processes during a run. By default, this threshold is set to 50 catalogs on a per-pipeline-step basis; because the limit is configurable, it can be adjusted to better match an organization’s infrastructure and performance needs.

This setting helps prevent performance degradation when managing very large numbers of catalogs, ensuring Liquibase remains responsive even in complex, large-scale environments.

Enhancements for GitCustodian Reports

A new filtering capability has been implemented in Git Custodian to reduce false positives during secret scans.

Matches in the plain text password and generic API secret categories that contain terms like secret or secrets (e.g., /api/v1/secret-permissions) are automatically excluded from scan results. This ensures that patterns involving non-sensitive terminology no longer trigger unnecessary alerts. By minimizing noise in scan reports, teams can now prioritize genuine security risks more efficiently.

Introducing Lineaje API for Cross-Registry Docker Image Traceability

Opsera has introduced an enhanced Lineaje Public API to track Docker images as they move between different container registries. From build (source) to production (target), users can see the entire image lineaje across multiple providers in one place.

Supported registries for Cross-Registry Tracking:

  • Sources: AWS ECR, Azure ACR, Nexus, JFrog Artifactory, Docker Hub, OCI

  • Targets: AWS ECR, Azure ACR, Nexus, JFrog Artifactory, OCI

Organizations using hybrid/multi-cloud registries can now:

  1. Track images from build to production deployment in a single lineaje map.

  2. Automatically record and store image history for SOC 2, HIPAA, and other compliance—no manual tracking needed.

  3. Detect unauthorized registry jumps in real time.

Lineaje Policy Validation & Enhanced Reporting

To strengthen data governance and compliance, we've upgraded the Pipeline Reports with integrated Lineaje Policy Validation. Users can now automatically validate data lineaje reports against organizational policies, view threshold-based pass/fail statuses, and download detailed compliance evidence, all within a unified interface. This includes policy-driven validation with auto-check functionality, visual indicators for pass, warning, and fail statuses, and a unified report hub for viewing lineaje reports and policy validation side-by-side.

Salesforce

Centralized Build Type Management via Repository Policies

Build type selection for merge sync tasks is now governed exclusively by Repository Policy settings, ensuring uniformity and reducing setup overhead:

  • For Salesforce Repositories: Build type options are automatically applied from policy and hidden in the UI, streamlining task configuration. Upon repository selection, the policy-defined build type is injected without additional input.

  • For Non-Salesforce Repositories: Build type selectors remain visible, allowing manual customization where needed.

This simplifies Salesforce workflows and enforces consistent build practices across all workflows.

Capabilities for Merge Sync Workflows (Salesforce to Git and Git to Git Tasks)

  • Enhanced Merge Sync Task: Reviewer Selection & File Management

The Merge Sync Task workflow includes both reviewer selection and file management features.

  • Reviewer Selection and Approval Flow: The confirmation screen retrieves approvers from the connected source control system, creating a more controlled and cohesive review process. This approval-based approach reduces risks by ensuring changes are reviewed before being merged into the main codebase.

  • Direct File Management: The confirmation screen also offers built-in file management. A list of files appears with each filename accompanied by a checkbox, allowing users to remove or edit files immediately without leaving the screen. Any edits made are saved to the database as soon as they are applied, giving last-minute control over the files being merged.

Additional Capabilities

Diff File Generation Logic Update

The diff file generation logic has been updated so that files marked for deletion are no longer omitted when they do not exist in the target branch. In the diff UI, these deletion-only entries are displayed alongside other changes, allowing users to review them. This ensures that all files are visible and prevents gaps in the selection logic of the diff presentation, even when target-branch files are missing.

Platform

Admin Deactivation of Users with Active Tools

The restriction that prevented deactivating users who have running tools has been removed. Now, when an administrator attempts to deactivate a user with active tools, the system displays a warning. If the administrator confirms, deactivation proceeds as usual. All such deactivation events are recorded in the audit log for future reference.
