Signed pipelines
A step closer to zero-trust CI/CD

Strengthen your security by signing step instructions and verifying the signature before running jobs.

Signing pipelines ensures build agents cannot run jobs whose instructions have been modified by a malicious actor. This improves your security posture and moves you toward zero-trust CI/CD by further insulating you from a compromise of Buildkite itself.

With Signed Pipelines, pipelines are cryptographically signed when they are uploaded to Buildkite. Build agents will verify the signature before running the job, and if an agent detects a signature mismatch, the job will not be run. The signature guarantees the origin of jobs by asserting the jobs were uploaded from a trusted source and that the jobs haven't been modified after upload.
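The sign-on-upload, verify-before-run flow described above, as an added sketch that is not Buildkite's code or signature format. It assumes HMAC-SHA256 with a shared demo key as a stand-in for the real signing scheme (an asymmetric scheme would let agents hold only a verification key), and the set of signed fields and all function names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key; real key material would live outside the CI control plane.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"

# Assumption: the step fields covered by the signature in this sketch.
SIGNED_FIELDS = ("command", "env", "plugins")


def canonical_bytes(step):
    """Serialize the covered fields deterministically so both sides hash the same bytes."""
    covered = {name: step.get(name) for name in SIGNED_FIELDS}
    return json.dumps(covered, sort_keys=True, separators=(",", ":")).encode()


def sign_step(step, key=SIGNING_KEY):
    """Uploader side: return a copy of the step carrying its signature."""
    tag = hmac.new(key, canonical_bytes(step), hashlib.sha256).hexdigest()
    return {**step, "signature": tag}


def verify_step(step, key=SIGNING_KEY):
    """Agent side: recompute the tag and compare in constant time."""
    presented = step.get("signature")
    if not isinstance(presented, str):
        return False  # an unsigned step is rejected, not waved through
    expected = hmac.new(key, canonical_bytes(step), hashlib.sha256).hexdigest()
    return hmac.compare_digest(presented.encode(), expected.encode())


def run_job(step, key=SIGNING_KEY):
    """Agent entry point: refuse anything that fails verification."""
    if not verify_step(step, key):
        return "refused: signature verification failed"
    return "running: " + step["command"]


if __name__ == "__main__":
    uploaded = sign_step({"label": "build", "command": "make test", "env": {"CI": "true"}})
    print(run_job(uploaded))
    # Constructed tampering: a covered field is altered after upload.
    print(run_job({**uploaded, "command": "make test-all"}))
    # Stripping the signature must not bypass the check.
    print(run_job({k: v for k, v in uploaded.items() if k != "signature"}))
```

Fields outside `SIGNED_FIELDS` (here, `label`) can change without invalidating the signature, so anything that influences execution belongs in the covered set.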

Signed Pipeline steps are available for use in Terraform as a data source in the latest version of the Terraform Buildkite Provider.

1% improvements

A glimpse into some of the smaller features, fixes, and enhancements our engineering and product teams are constantly shipping.

Fix: Improve pipeline filter usability. (Pipelines)
Fix: Support links to deeply-nested GitLab repositories. (Pipelines)
Enhancement: Improve pipelines-schema JSON Schema. (Pipelines)
Enhancement: Link to relevant job from GitHub commit statuses after retries. (Pipelines)
Enhancement: Improve efficiency of build list data loading. (Pipelines)
Enhancement: Improve efficiency of data loading for REST API build requests. (Pipelines)
Enhancement: Improve efficiency of data loading for REST API job requests. (Pipelines)
Feature: Create build annotations using the REST API. (Pipelines)
Enhancement: Hide info-level annotations from build failures tab. (Pipelines)
Fix: Improve accuracy of pipeline build counts. (Pipelines)
Fix: Consistently display rendered emoji from short codes in Clusters navigation sidebar. (Pipelines)
Enhancement: Ability to alter concurrency limit dynamically for CancelBuildWorker. (Pipelines)
Fix: Ensure a job only starts if it's assigned to the right agent. (Pipelines)
Enhancement: Improve speed and efficiency of scheduled builds by processing them in parallel. (Pipelines)
Fix: Fix local plugin with one path component. (Pipelines)
Fix: When a parent build is canceled, ensure trigger jobs with a block step are canceled. (Pipelines)
Enhancement: Enhanced handling of NoSuchBucket errors like AccessDenied for Build Exports. (Pipelines)
Fix: Improved agent ping cycle to remove unintended latency. (Pipelines)
Fix: Fix 404 issues when using read replicas. (Pipelines)
Fix: Only script jobs should have timeout_in_minutes, not trigger jobs. (Pipelines)
Fix: Fix interpolating default values. (Pipelines)
Enhancement: Add step ID and signature to build API. (Pipelines)
Fix: Invalidate the cache when reset so org can see quota changes immediately. (Pipelines)
Enhancement: Use read replica for Builds API to reduce load on primary DB. (Pipelines)
Fix: Rate limit each build to 1000 meta-data set calls per min. (Pipelines)
Fix: Detect when tables are under heavy load. (Pipelines)
Enhancement: Simplify our internal logging. (Pipelines)
Enhancement: Enhance selected DB columns to use bigint (8 bytes, -9223372036854775808 to +9223372036854775807). (Pipelines)
Enhancement: Update gem version. (Pipelines)
Enhancement: Show banner on org locked page when in maintenance mode. (Pipelines)
Feature: Email customers with elastic stacks using go1.x runtime with deprecation notice. (Pipelines)
Fix: Use service quotas for pipeline uploads. (Pipelines)
Enhancement: Inform customers about the processing of webhooks during a maintenance window. (Pipelines)
Enhancement: Add audit logging for locking and unlocking of org. (Pipelines)
Fix: Verify a job is assigned to the agent that is trying to run it. (Pipelines)
Enhancement: Agent ping confirms job_id is present before doing anything. (Pipelines)
Enhancement: Refresh links throughout Test Analytics to be more accessible. (Test Analytics)
Fix: All Test Analytics links that occur within a table row to wrap the entire row. (Test Analytics)
Fix: Links in our stack trace logs are now fully clickable. (Test Analytics)
Enhancement: REST API runs endpoint allows filtering by build_id. (Test Analytics)
Feature: Our Test Analytics REST API endpoints are out of beta. (Test Analytics)
Enhancement: Make test#show build link take you to relevant step in your pipelines build page as per execution#show. (Test Analytics)
Enhancement: Update error states across our Test Analytics tables to ensure consistency. (Test Analytics)
Fix: Fix a race condition leading to runs remaining in an unfinished state. (Test Analytics)
Enhancement: Revamp run and test execution metadata styles. (Test Analytics)
Enhancement: Make the hide spans experience better. (Test Analytics)
Enhancement: Load more spans more easily in `Span timeline` tab. (Test Analytics)
Feature: Add Playwright support to test-collector-javascript. (Test Analytics)
Enhancement: Automatically update test suite slug name when renaming a suite. (Test Analytics)
Enhancement: Document how to solve rubygem conflicts with our collector. (Test Analytics)
Fix: Fix checkout of short commit hashes. (Agent)
Fix: Fix parsing pipelines that use a string as the skip key in a matrix adjustment. (Agent)
Enhancement: Use alpine from ECR in all Docker builds. (Agent)
Fix: Fix typo in environment variable name for allowed-plugins. (Agent)
Enhancement: Experiment with pty-raw avoiding LF→CRLF mapping by setting PTY to raw mode. (Agent)
Fix: Fix flaky TestLockFileRetriesAndTimesOut. (Agent)
Enhancement: Parallelize artifact collection. (Agent)
Enhancement: Add log group headers and timestamps to job verification success and failure logs. (Agent)
Enhancement: Use exponential backoff for retries. (Agent)
Enhancement: Make byte quantities more readable. (Agent)
Enhancement: Enhance the functionality of agent log streamers. (Agent)
Fix: Optimize routines by changing the order. (Agent)
Enhancement: Use more efficient pattern matching when traversing. (Agent)
Enhancement: Log warning about short vars on one line (rather than multiple). (Agent)
Enhancement: Use a timestamp field and a timeout check on each write to logs. (Agent)
Enhancement: Reduce information in verification errors. (Agent)
Enhancement: Enhance interpolation helpers. (Agent)