Valiantys Ltd

Atlassian Bamboo

Atlassian Bamboo is a continuous integration (CI) tool that can be used to automate the release management for a software application, creating a continuous delivery pipeline. Purchase, renew or upgrade your Atlassian Bamboo Licence with Valiantys, your dedicated Atlassian Licence Specialist.

Features

• Simplified Procurement, cost optimisation and expert advise
• Continuous Integrations, Continuous delivery (CI/CD).
• Count on Bamboo as your continuous integration and build server.
• Run automated tests in Bamboo
• Development workflow
• Deep integration with Jira Software, Bitbucket, and Fisheye.
• Available in Cloud, Data centre or Server
• Jenkins importer

Benefits

• Tech Stack
• Deployment projects
• Better CI/CD with Bamboo
• Continuous learning with training, support and best practices.
• Full SCM Support
• Bamboo alleviates pain found between CI and Git/Mercurial.

£1,500 to £500,000 an instance a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at orders.uk@valiantys.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

296678775807198

Contact

Luc Boucher
+44 (0) 203 176 7980
orders.uk@valiantys.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: If/when security breaches are discovered by the software vendor (Atlassian), they would contact all their customers and advise on the different steps to take. If any maintenance has to be undertaken on the servers provided by Valiantys, our hosting team will contact our customers to confirm which time is most suitable for this planned maintenance. We will always aim at reducing down time and lowering the impact on users. Atlassian hardware requirements are available in the Atlassian documentation: https://confluence.atlassian.com/alldoc/atlassian-documentation-32243719.html.
• System requirements:
  • Licences for the required Atlassian products and potential add-ons
  • Web browser
  • Access to Internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We offer different support packages (Standard, Enterprise or Unlimited ) which have different SLAs, further detail here https://valiantys.com/legal/sla.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer different support packages (Standard, Enterprise or Unlimited ) which have different SLAs, further detail here https://valiantys.com/legal/sla.; ; Indicative costs for each of them are listed in our pricing document.; ; Our customers have access to a team of support engineers who can assist them with their queries.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: - Online documentation ; - Training if required (additional cost)
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Online
• End-of-contract data extraction: Users can extract all data through an XML export.
• End-of-contract process: We will provide an XML export containing all the tools' data. We would then delete all backups and any sensitive information from the client. Data migration to another system may require days of consultancy, which would come at an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our service can be accessed through a browser on mobiles as well. In this case, there wouldn't be any difference with the desktop service. ,The client can also install the relevant mobile application which has a different user interface. Functionalities available in the desktop version may not always be available in the mobile version. We will be able to confirm those differences and limitations based on the client's requirements.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Interface is an online web portal that can be accessible via any desktop or mobile browser, or dedicated applications.
• Accessibility standards: None or don’t know
• Description of accessibility: All relevant information can be found here: https://www.atlassian.com/accessibility.
• Accessibility testing: All relevant information can be found here: https://www.atlassian.com/accessibility.
• API: Yes
• What users can and can't do using the API: You can use the REST API to build add-ons for Jira, develop integrations between Jira and other applications, or script interactions with Jira.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Available customisations: - On the user interface (service provider, administrator and/or end user based on permissions) - On reports and dashboards (service provider, administrator and/or end user based on permissions) - Using add-ons to enhance the tool's functionalities (service provider, administrator and/or end user based on permissions) - Through configuration (service provider, administrator and/or end user based on permissions) - With our managed hosting service: main options are adding a staging environment, VPN Tunnel, File system encryption, Disaster recovery. (service provider) Most customisations can be done through simple configuration of the tool. Scripts or add-ons can also be used.

Scaling

• Independence of resources: We set up a virtual private cloud per client.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide service metrics regarding our managed hosting services: e.g. CPU usage, RAM, support usage, etc.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: They can export some data on their own, or can also contact their service provider for a full data export (XML).
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The level of availability of our service is 99.5%. Refunds are limited to 10% of the total amount of the contract, and will be negotiated on a case-by-case basis before contract sign-off.
• Approach to resilience: This will mainly depend on the architecture and set up (different based on each client's requirements: i.e. cluster environment, disk speed, etc.). Network and equipment are guaranteed by a third party.
• Outage reporting: Email alerts and/or provided software.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Personal named accounts with password and user name.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The British Assessment Bureau
• ISO/IEC 27001 accreditation date: 14/06/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • HIPAA Compliant
  • EU GDPR Compliant
  • Privacy Shield Compliant

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Responsibility for security sits under the following: - Our hosting provider, which rents us a data center - Valiantys, who handle service installation and support - Atlassian, who develops and maintain the software. The main security policies/processes we follow are: - Physical and environmental security (e.g. Fire detection and suppression, Power, Climate and temperature, Storage device decommissioning, Physical access to the data center). - Business continuity management (Availability, Company-wide executive review) - Network security (Secure network architecture, Secure access points, Transmission protection, Fault-tolerant design, Network monitoring and protection, Account review and audit, Background checks, VPN, Workstation security, Separated private clouds per customer, Firewalls, etc.) - Credentials (Individual user accounts, Password policy, Multi-factor authentication, Server access) - Data security (Data access, Data deletion at the end of the contract, SSL, Data encryption, Security logs, Backups, Backup retention, Restore procedure, Restore procedure check, Pen tests) - Operations (Security organisation, Change management process, Incident management process, Problem management process, Periodic access rights review, Security incident management, Disaster recovery) For further information please contact us.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our change management process is based on ITIL best practices. A change is created whenever something needs to be added/modified/removed on any of our server or global AWS configuration. The change will go through several validation before being released in production.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Everyone at Valiantys has the ability to create a security incident, to be handled by our hosting and support team. Security incidents are also raised when security vulnerabilities are found on Atlassian tools or any middleware tools we use (SSL, MySQL, Java, Apache Tomcat, Apache HTTPD). Our hosting and support team is continuously monitoring for potential security vulnerabilities on any of those tools. When a vulnerability is found, we immediately inform our customers, and raise a change in order to apply a patch to fix the issue in the best delay.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Everyone at Valiantys has the ability to create a security incident, to be handled by our hosting and support team. Security incidents are also raised when security vulnerabilities are found on Atlassian tools or any middleware tools we use (SSL, MySQL, Java, Apache Tomcat, Apache HTTPD). Our hosting and support team is continuously monitoring for potential security vulnerabilities on any of those tools. When a vulnerability is found, we immediatly inform our customers, and raise a change in order to apply a patch to fix the issue in the best delay.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are created by customers using emails, our support portal or by the Valiantys hosting and support team. An incident can be declared as blocker if it has significant impact on end-users (service down or a major bug, for example). Our hosting and support team handles tickets in the following priority order: - Service down (incidents are automatically created from our monitoring tool) - 30mn SLA - Blocker incidents - Security incidents - SLA breached tickets - All other tickets

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  With our environmental policy firmly in place, we ensure that we meet the following: Valiantys recognises that it has a responsibility to the environment beyond legal and regulatory requirements. We are committed to reducing our environmental impact and continually improving our environmental performance as an integral part of our business strategy and operating methods, with regular review points. We will encourage customers, suppliers and other stakeholders to do the same.

Pricing

• Price: £1,500 to £500,000 an instance a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free temporary licences can be requested to evaluate the service. Those licences are valid for 30 days and offer the exact same set of functionalities as commercial licences. Temporary licences can be renewed up to two times. Please contact us to request a temporary licence.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at orders.uk@valiantys.com. Tell them what format you need. It will help if you say what assistive technology you use.