Release Notes


Software supply chain attacks are on the rise and have become a critical concern for all organizations. The modern software delivery pipelines have become increasingly complex, and the threat landscape is continuously evolving. Therefore, a unified and proactive approach to security, risk management, and governance across the software delivery lifecycle is essential.

OpsMx Secure Software Delivery (SSD) is a solution that focuses on monitoring, alerting, preventing, and resolving security threats and vulnerabilities across the software delivery lifecycle. It seamlessly integrates with your DevOps ecosystem to gather and evaluate information against a set of secure software delivery practices and frameworks. This ensures that insecure application versions do not get released. The solution also keeps track of all actions, people, and process metadata related to software development, thereby enabling enterprises to meet their compliance requirements with ease.

Version 2024.5.0


  • Vulnerability Prioritisation - SSD now can prioritize vulnerabilities using an algorithm that takes into account parameters such as exploitability, severity, and KEV Database.

  • Deduplication - SSD now can deduplicate vulnerabilities and security issues, allowing security teams to better focus on resolving these issues. In the alert detail popup, a new section called "Show Impacted Components" has been added. This section enables users to view the complete list of Accounts, Applications, Artifacts, and Services affected by a vulnerability.

  • Artifact Security - The new artifact security feature displays a list of all artifacts auto-discovered by SSD, along with their security status. It also allows viewing the lifecycle of these artifacts and downloading security scan results related to them.

  • JIRA Integration - User can create a JIRA ticket directly from the alert details screen, which will include all relevant information for developers to track and resolve the issue.

  • GitHub Actions Integration - SSD now supports GitHub Actions as a CI tool. It can receive build events from GitHub Actions to run security analysis of the build pipeline as well as the produced images.

  • Cluster Management - The new Clusters page enables users to connect their Kubernetes clusters to SSD, allowing SSD to continually monitor the security posture of the connected clusters and send alerts when necessary.


  • The App level policies are now listed based on the tools used in that application context. Users have to deal with only the policies required by the selected application.

Bug Fixes

  • The policy page performance issues have been resolved.

Version 2024.4.0


  • Vulnerability scanning for Debian packages - SSD can now detect vulnerabilities in Debian packages.

  • Support for the Spinnaker Bake Stage - SSD can process events emitted by the Spinnaker image bake stage to analyze the composition of a machine image.

  • Support for Machine Image Deployments - SSD now detects and performs scans on machine image-based deployments executed via Spinnaker, providing support for machine image deployments.

  • Agentless Kubernetes Scans - kube-detector is the SSD component used to scan Kubernetes clusters. It can now perform scans without running an agent in the cluster.

  • BitBucket Integration - The new Bitbucket integration enables SSD to retrieve metadata about the source code repository and perform security scans to produce reports such as the OpenSSF Scorecard.


  • Support for running multiple kube-detector instances along with SSD is now available, allowing them to point to different Kubernetes clusters.

  • NamespacesToAllow and NamespacesToIgnore fields in the kube-detector configuration allow users to specify the set of namespaces to watch and ignore, respectively.

Bug Fixes

  • Minor bug fixes.

Version 2024.3.0


  • Organization Structure and RBAC - A new three-tier organizational structure is introduced in this release that enables customers to manage their applications across various business units and teams using a single Delivery Shield instance. Additionally, it offers an enhanced Role-Based Access Control system for better control over the user permissions.

  • Kubernetes Discovery - Deploy Shield detects changes in a Kubernetes cluster and enforces security policies through agent-based resource discovery.


  • UX enhancements.

  • Minor bug fixes.

Version 2024.2.0


  • Non-Blocking mode - SSD can be used in a non-blocking mode by disabling the deployment firewall feature, that is best suited for lower environments like Development and QA. This mode doesn't block deployments but evaluates policies and generates security alerts.

  • New integrations

    • Integration with Gitlab to collect source code metadata, Git security posture checks, and generate an OpenSSF Scorecard.

    • Integration with Jfrog Artifactory to fetch images and run security scans.

    • Integration with Snyk to run Security scans and fetch reports.

  • Support for Non-Kubernetes deployments - It is now possible to conduct security scans on Amazon ECS deployments using SSD.

  • UI For managing SSD Integrations - A new page named Integrations is added to the Config menu. This page enables users to integrate and manage SSD with their preferred DevOps tools.


  • Enhanced Navigation Experience - The navigation structure is revamped and new menu items are added, to support additional use cases and personas.

Version 2023.11.0


  • Policy as Code and GitOps - Users can transform security policies into code, store them in a Git repository, and periodically synchronize them with SSD.

  • Helm Charts Security - SSD has introduced support for Helm chart scanning. This feature enables the identification of misconfigurations and security issues within the Helm charts.


  • Improved workflow for Integrating Jenkins with SSD.

  • Users can now perform bulk actions on the Rules Configuration page by selecting multiple rules and modifying them simultaneously.

  • The Delivery Bill of Materials (DBOM) page has been improved with better labelling and grouping of information.

Version 2023.10.0


  • Kubernetes Hardening Analysis

    • CIS Benchmark analysis for Kubernetes clusters - SSD automatically evaluates connected clusters for CIS Benchmark compliance using 200+ predefined deployment firewall rules. Kubernetes posture-related alerts and suggestions are available on the Manage Alerts Page.

    • Additionally, it allows for the assessment of your clusters according to the guidelines provided by NSA-CISA and MITRE ATT&CK.

  • Jenkins Integration - SSD now supports Jenkins as a build and deployment tool, gathering information to improve security posture through alerts and recommendations.

  • Deployment History Timeline - The application status page now displays cluster deployments as a timeline graph, providing an audit trail and historical view of changes to cluster security posture.

  • Vulnerability Report - The application status page now displays vulnerability reports for both the application and service.


  • Added support for user-defined tags for deployment firewall rules, allowing users to group rules based on the custom logic.

  • Expanded the functionality of the smart search feature to include the alerts and vulnerabilities report page.

  • Added the ability to distinguish between alerts on the current and the old versions of running applications.

Version 2023.9.0


  • Deployment Firewall - The Kubernetes cluster can now automatically block insecure application versions from being deployed by running an admission control mechanism. This decision-making is powered by SSD's security analysis and data collection throughout the software delivery lifecycle.

  • New SAST Integrations - SSD can now mandate SAST scans during software development, analyze reports to provide suggestions, and update the application's risk status by connecting to SonarQube and Semgrep.

  • Smart Search - The ability to discover vulnerabilities, images, and other components across all applications allows for easier identification of newly found vulnerabilities within existing applications.

  • OpenSSF Scorecard Integration - Connected git repositories will receive an OpenSSF scorecard with security posture alerts and suggestions accessible on the Manage Alerts Page.

  • NIST and FedRAMP Compliance Automation - SSD now includes prebuilt policies for NIST 800-53 and FedRAMP compliance, with suggestions for fixing issues and achieving 100% compliance.

  • Rules Genie - A new AI assistant that creates custom deployment firewall rules based on business requirements.

  • Alerts Genie - A new AI assistant that helps understand security alerts and recommends solutions.


  • Application level Smart Diff and Application DBOM - Users can now perform Smart Diff at the application level and view the Delivery bill of materials for the entire application version.

  • Search and filtering options - In the Alerts Management and Rules Configuration pages, you can access additional search and filtering options.

Version 2023.8.0


  • Ability to collect software delivery data from Git, Jenkins, Spinnaker, Kubernetes, and Aqua Trivy.

  • Supply chain dashboard - Helps you to view the organization-level security posture, applications and their risk status and security alerts.

  • Application status page - Displays the security status, active vulnerabilities, and alerts of the running services.

  • Alerts Management - Ability to track and resolve security alerts across environments with SSD suggestions.

  • SBOM - Generate software bill of materials for the deployed images.

  • DBOM - The Delivery Bill of Actions and Materials is a comprehensive report that offers complete visibility of the software development process, from coding to deployment. It keeps track of crucial information such as tools used, actions taken, artifacts produced, and security checks performed during the software delivery process. This report serves as a valuable tool to monitor and optimize software development.

  • Smart Diff - Helps you to dry run code promotion from one environment to another. By doing so, you can compare the services that run in different environments in terms of their security status, active alerts, vulnerabilities, and dependencies. This helps you understand the impact that a new version of a service may have when deployed to production.

  • Slack Integration - Ability to share alerts to Slack channels.

Last updated