v1.1.0

The following new capabilities and improvements are available with IBM® Concert version 1.1.0.

Release date: 29 April 2025

• Installation and deployment updates
  • Support for using your own storage class for on-premises deployments to IBM Cloud Kubernetes Service (IKS) or Amazon Elastic Kubernetes Service (EKS) clusters. Learn more.
  • Support for installing Concert in an air-gap environment on an OCP (without CPFS), IKS, or EKS cluster. Learn more.
  • Support for installing Concert in an air-gap environment on a virtual machine (VM). Learn more.

• Inventory
  • Ability to view historical data and trends for each application, repository, and build artifact. Learn more.

• Data Apps add-on
  • Support for setting up external data repositories for the Concert Data Apps add-on. Learn more.

• Concert Workflows (add-on and standalone)
  • A new standalone deployment method allows you to install Concert Workflows as an independent instance as opposed to an embedded add-on. Learn more.
  • Major improvements to simplify the Concert Workflows installation process on a virtual machine (VM) or OCP cluster. Learn more.
  • Ability to install remote workers to run workflow tasks on a remote host. This option is available only if you are running a standalone version of Concert Workflows, not with the embedded add-on. Learn more.
  • Ability to use AI, powered by IBM watsonx.ai, to generate workflows by describing the task you want to complete. This feature is available as a preliminary preview. Learn more.
  • Ability to backup and restore Concert Workflows. Learn more.
  • Twenty new or modified workflows are now available on the IBM Automation Library for use with Concert Workflows. Refer to the respective products areas for details. Learn more.

• Compliance dimension
  • Ability to import and export compliance assessments and profiles to and from your Concert instance. Learn more.
  • Support for compliance scans generated from IBM Z® Security Compliance Center (IBM Z SCC). Learn more.
  • Using Concert Workflows, you can import a prebuilt workflow from the IBM Automation Library to ingest compliance scans from CyberSaint. Learn more.

• IBM Z APAR insights dimension
  • Improved library views: Introduced two new tabs, z/OSMF libraries and Unmanaged libraries, to clearly separate z/OSMF managed from unmanaged libraries, providing a unified view of products, features, and system-level installation information. Learn more.

• Integrations (connections)
  • Ability to connect with a GitLab account for ticketing purposes. Once the connection is established, you can open GitLab tickets manually from the Concert UI or configure an automation rule to do so automatically in response to a triggering event or condition. Learn more.

• Inventory
  • Ability to import and export environment data to and from your Concert instance. This can be useful for cloning environment data by modifying the name of the environment in the exported file and importing the modified file. Learn more.
  • Using Concert Workflows, you can use a prebuilt workflow from the IBM Automation Library to ingest repositories from GitLab. Learn more.

• Operations dimension
  • Using Concert Workflows, you can use a prebuilt workflow from the IBM Automation Library to configure automatic certificate renewal with Windows Remote Desktop (RDP). Learn more.

• Resilience posture
  • Three new non-functional requirement (NFR) libraries are available. These libraries provide SRE practitioners with a standardized scoring system to evaluate container images, micro-service workloads, and VM health. You can reference the requirements in one or more libraries when defining resilience profiles, setting target goals and ingesting input metrics from common tools and services to assess application resilience. Learn more.
  • Using Concert Workflows, you can use a prebuilt workflow from the IBM Automation Library to import resilience data from Dynatrace, Datadog, Instana, and ServiceNow to assess application resilience and generate remediation recommendations. Learn more.
  • New data visualizations allow you to see resilience assessment overviews, scores, and trends by category.
  • When creating a resilience profile, you can now select a subset of metrics for which the last value sent will be carried forward for an assessment. This eliminates the need to resend values that haven't changed between assessment periods.
  • The input metrics for a resilience assessment now include information about the source, timestamp and the aggregations performed.

• Software composition dimension
  • Ability to refresh package SBOM details for all packages or for an individual package.
  • UI/UX enhancements to improve software composition analysis.

• Vulnerability dimension
  • When using Concert risk score, a Concert-specific method for evaluating and prioritizing CVEs, the scoring scale has been adjusted to render a score from 0-10. Learn more.
  • Vulnerability findings now include an Exploitability value, environmental factors, age of the vulnerability, and AI-generated details about the attack vector, active exploits, and remediation. Learn more.
  • A new warning appears when a CVE priority recalculation has failed.
  • UI/UX enhancements to configuring CVE priority calculation and scoring settings in the global settings (Administration > Settings).
  • CVE priority and scoring settings are no longer configured at the application level.
  • A new feature, referred to as "proactive shift-left vulnerability management" alerts you to package vulnerabilities as soon as a new commit is added, enabling early detection and proactive mitigation of security risks. Learn more.
  • Using Concert Workflows, you can use a prebuilt workflow from the IBM Automation Library to import several new auto-remediation workflows from the IBM Automation Library to streamline vulnerability management, identify applicable fixes, recommend remediation steps, and trigger automated patching workflows. New workflows include:
    • Red Hat® Enterprise Linux® patching
    • Amazon-Linux patching
    • Microsoft Windows patching
    • Apache Tomcat
    • Docker Hub images
  • Using Concert Workflows, you can use a prebuilt workflow from the IBM Automation Library to import vulnerability scans from AWS Inspector or Amazon Linux Security Advisory (ALAS). Learn more.