What’s new in Eficode ROOT: February 2025

Enhanced security and a new login experience with two-step verification

This new version of Bamboo now includes two-step verification, giving your account an added layer of security. By requiring a second authentication factor, such as a one-time code from an authenticator app, this feature helps safeguard your Bamboo environment against unauthorized access. It’s a seamless and effective way to enhance the protection of your CI/CD processes. Learn more about it here.

Two-step verification setup panel.

Work in style with the new dark theme

Bamboo 10.0 introduces a sleek dark theme, giving your CI/CD environment a modern, eye-friendly look. Perfect for late-night coding sessions and reducing eye strain, this feature ensures you can work comfortably while enjoying a visually refreshing interface. It’s not just a theme—it’s a mood.

Note: If your app incorporates visual elements, developers should check the guidelines for preparing a Data Center app for the dark theme, and designers should explore utilizing tokens.

New execution strategy for concurrent builds

When configuring the concurrent builds limit, you can block the build requests or allow them by stopping the oldest builds to maintain the limit. This feature ensures the latest commits are always built while keeping resource usage within your limits. Learn more here.

Simplified test case processing

Bamboo’s new simplified test case processing optimizes how test cases are handled during build executions. This feature ensures faster test results and smoother integration into your CI/CD pipelines by reducing redundant steps and improving the efficiency of test data processing. Whether dealing with unit tests or end-to-end scenarios, this enhancement minimizes overhead, giving teams the necessary insights without unnecessary delays. Learn more here.

Triggering a build after a successful deployment

Bamboo now supports triggering a build automatically after a successful deployment, streamlining instantly once a deployment is verified, saving time, maintaining momentum in your workflows, and ensuring seamless transitions between deployment and subsequent development phases. This feature eliminates manual intervention, allowing teams to kickstart new build CI/CD pipelines. Learn more here

Security improvements

AWS IMDSv2 support for Elastic Agents

Instance Metadata Service Version 2 (IMDSv2) for Elastic Agents is now supported. IMDSv2 enhances security by introducing a session-oriented approach for AWS Elastic Compute Cloud (EC2) metadata retrieval, significantly reducing the risk of unauthorized access.

Note: This enhancement applies exclusively to stock images or those customized from our stock images. IMDSv1 remains available as a fallback mechanism to ensure backward compatibility and broader support.

Enhanced encryption for Bamboo Server-Agent communication

Communications between the Bamboo server and its Agents now have enhanced encryption, ensuring a higher level of security for your CI/CD pipelines. This improvement protects sensitive data exchanged during builds and deployments, giving teams peace of mind that their workflows are protected against potential threats. The implementation seamlessly integrates into existing workflows, ensuring an uninterrupted and secure process for all users.

Permissions for deployment projects

Bamboo revamped permissions for deployment projects. Here’s the summary:

• New CREATE_RELEASE permissions that let you create deployment releases. It depends on the READ permission.
• New CLONE permission that lets you clone deployment projects. It depends on the READ and VIEW_CONFIGURATION permissions.
• New ADMINISTRATION permission that lets you do anything on the deployment project and automatically grants all other permissions.
• EDIT permission doesn't let you delete deployment projects; you need ADMINISTRATION.
• EDIT permission doesn’t depend on APPROVE_RELEASE anymore. That means you can still have EDIT but won’t be able to approve releases. The APPROVE_RELEASE permissions need to be granted separately

Administration

Disable OTP authenticator and WebAuthn devices independently (all users)

GitLab introduces the ability to disable OTP authenticators and WebAuthn devices independently, giving users and administrators more granular control over authentication methods. This enhancement ensures better flexibility and security when managing two-factor authentication for your account. Learn more here.

Enable Secret Push Protection in your projects via API (Ultimate)

It’s now easier to programmatically enable secret push protection. REST API application settings allow you to: 

1. Enable the feature in your self-managed instance to enable it on a per-project basis. 
2. Check whether the feature has been enabled on a project. 
3. Enable the feature for a specified project.

Learn more about these changes here.

New audit event when merge requests are merged (Ultimate)

GitLab now includes an audit event merge_request_merged specifically for when merge requests are merged. This addition provides better visibility into project activities, allowing administrators to track and log merges for improved oversight and compliance. It's a small but valuable enhancement for maintaining accountability in your workflows. Learn more here.

Top-level group Owners can create service accounts (Premium, Ultimate)

This a very neat feature that gives top-level group owners the ability to create service accounts directly. This feature simplifies managing automation and system integrations, giving group owners more control over resource allocation while maintaining security and organizational structure. Learn more here

Use API to get information about tokens (all users)

This feature allows you to retrieve detailed information about tokens using the API. It provides administrators and users an efficient way to track, manage, and review token usage, ensuring better control and security for your projects and integrations. Learn more here.

Project events for group webhooks (Premium, Ultimate)

GitLab added project events to group webhooks. Project events are triggered when:

• A project is created in a group.
• A project is deleted in a group.

These events are triggered for group webhooks only. Learn more here.

Admin setting to enforce CI/CD job token allowlist (all users) 

GitLab introduces an admin-level setting to enforce a CI/CD job token allowlist. This enhancement gives administrators greater control over which resources can be accessed by job tokens, adding an extra layer of security and ensuring only authorized resources are utilized in your pipelines. Learn more here.

Enabling job token permissions.

AI

Automated Repository X-Ray (Premium, Ultimate, Duo Pro, Duo Enterprise)

With the latest update, you can get Automated Repository X-Ray, a powerful tool for scanning repositories to detect security risks and vulnerabilities. This feature helps teams avoid potential threats by identifying issues early, ensuring a more secure and compliant codebase with minimal manual effort. Learn more here.

AI impact analytics API for GitLab Duo Pro (Premium, Ultimate, Duo Pro, Duo Enterprise)

The new AI impact analytics API in GitLab 17.6 provides valuable insights into how AI-powered features are used across projects. This tool helps teams measure efficiency gains, track adoption, and make data-driven decisions to optimize their workflows with GitLab Duo Pro. Learn more here.

Corporate network support for GitLab Duo (Premium, Ultimate)

Enterprises can now use GitLab Duo within corporate networks without compromising security or functionality. This update ensures AI-powered features work smoothly in restricted environments while maintaining compliance with internal network policies.

Use a self-hosted model for GitLab Duo Chat

Organizations now have the option to deploy GitLab Duo Chat using a self-hosted model, giving them complete control over data privacy and infrastructure. This update allows teams to leverage AI-driven collaboration while ensuring compliance with internal security policies and regulatory requirements. Learn more here.

Self-hosted models management.

UI/UX

Easily remove closed items from your view (all users)

Managing workspaces has become more efficient, and you can now quickly hide closed items from your view. This improvement helps keep dashboards and task lists uncluttered, allowing teams to focus on active work without distractions from completed issues. Learn more here.

Show closed items option.

Deploy your Pages site with any CI/CD job (all users)

Pages deployment is now more flexible, allowing teams to use any CI/CD job to publish their sites. This update removes restrictions on specific job configurations, making it easier to integrate Pages deployment into existing workflows and automate the process efficiently. Learn more here.

Page attribute usage.

Service accounts badge (Premium, Ultimate)

A new badge now distinguishes service accounts, making it easier to identify them across projects and groups. This improvement enhances visibility and helps teams manage access controls more effectively by clearly differentiating service accounts from regular user accounts. Learn more here.

New service account badge.

Display release notes on deployment details page (all users)

Deployment details now include release notes, providing teams clearer context on what’s being deployed. This improvement makes tracking changes, understanding updates, and ensuring smooth rollouts easier by keeping vital information readily available. Learn more here.

Release notes on the deployment details page.

Reporting

Query user-level GitLab Duo Enterprise usage metrics (Ultimate, Duo Enterprise) organizations can now access detailed insights into individual usage of GitLab Duo Enterprise. This feature helps track AI adoption, measure engagement, and optimize workflows by providing granular data on how users interact with AI-powered capabilities. Learn more here.

Secret Push Protection audit events for applied exclusions (Ultimate)

Audit logs now capture events when exclusions are applied to Secret Push Protection, providing greater transparency and security oversight. This enhancement helps teams track changes, review exemption decisions, and maintain compliance with security policies. Learn more here.

Filter GitLab Duo users by assigned seat (Premium, Ultimate, GitLab Duo Pro and Enterprise)

User management is now more efficient with filtering GitLab Duo users based on their assigned seats. This feature simplifies license tracking, helps administrators monitor usage, and ensures optimal allocation of AI-powered resources across teams. Learn more here.

Seat assignments management for GitLab Duo Pro.

Vulnerability report grouping (Ultimate)

Security teams can now organize vulnerabilities more efficiently with enhanced grouping in vulnerability reports. This improvement simplifies analysis by clustering related issues, making prioritizing fixes and streamlining remediation efforts easier. Learn more here.

Grouped vulnerability report.

Track CI/CD job token authentications (all users)

Authentication events for CI/CD job tokens are now logged, providing greater visibility into token usage. This enhancement helps teams monitor access, detect potential security issues, and ensure compliance with authentication policies. Learn more here.

Job token usage log.

Project development

Merge at a scheduled date and time (all users)

Merge requests can now be scheduled to merge at a specific date and time, giving teams greater control over deployments. This feature helps coordinate releases, reduce manual intervention, and ensure changes go live at the most appropriate moment. Learn more here.

Merge request scheduled.

Add support for values to the glab agent bootstrap command (all users)

The glab agent bootstrap command now allows specifying values, providing greater flexibility during agent setup. This enhancement simplifies configuration, making it easier to customize deployments and streamline the onboarding process for GitLab agents. Learn more here. 

Select a GitLab agent for an environment in a CI/CD job (all users)

CI/CD jobs now support selecting a specific GitLab agent for an environment, offering more control over deployments. This update ensures that jobs run using the appropriate agent, improving reliability, security, and consistency across environments. Learn more here.

Model registry now generally available (all users)

The Model Registry has moved out of beta and is now fully available for all users. This release enables teams to efficiently store, manage, and version machine learning models, streamlining the deployment and collaboration process within GitLab’s AI-driven workflows. Learn more here.

Model registry view.

Enhanced merge request reviewer assignments (Premium, Ultimate)

Reviewer assignments for merge requests are now more intelligent and flexible, ensuring the right team members are selected for code reviews. This improvement streamlines collaboration, distributes workload more effectively, and helps maintain high code quality. Learn more here.

Best reviewers assignment. 

Jenkins 2.479.3 addresses UI refinements, improves agent connection handling, and enhances performance in various core functionalities.

Additionally, minor bug fixes contribute to a more seamless user experience, reinforcing Jenkins’ robustness in automation workflows.