Highlights:

  • Jira now automatically pulls vulnerability information from security vendors so developers and engineers do not have to switch between tools during their workflows.
  • With the new Security tab, software teams can now understand each vulnerability’s context and risk level, along with all the data and metadata produced by the security vendor.

Atlassian Corp. recently unveiled new security features for Jira Software Cloud, the company’s project management and software issue tracking tool, intending to streamline developers’ workflows by giving them direct access to security visibility.

Developers and engineers invest significant time using various tools during the development lifecycle, including those for coding, integration, testing, deployment, and vulnerability detection. Security has been automated at every stage of the continuous integration and delivery process in order to keep up with the speed at which software development is progressing.

All of this is part of the DevOps philosophy, which unifies the efforts of development teams and operations teams into a single cycle of collaboration. This means tools may detect vulnerabilities at any level of development or deployment and report them to the relevant team for rectification before the code is reintegrated into the process.

The issue, according to Andrew Pankevicius, Senior Product Manager at Atlassian, is that the growing number of tools developed to address this has resulted in a more dispersed security environment for developers.

Andrew Pankevicius said, “Each of these tools focuses on a different part of the process, resulting in organizations using multiple security tools. Today, enterprises use nine (or more) security tools on average. As a result, software development teams have to sift through a tremendous volume of vulnerabilities recorded in siloed tools. It’s not just time-consuming, it’s error-prone.”

Atlassian collaborated with security vendors to automatically extract vulnerability information directly into Jira, eliminating the need for developers and engineers to transition between tools. Data from Snyk, Mend, Lacework, StackHawk, and JFrog, along with more to come, can be used to forewarn DevOps teams about trackable issues so they can quickly understand what needs to be fixed and send it to the appropriate people for triaging the issue in a centralized location.

Thanks to the new Security tab, software teams can now understand each vulnerability’s context and risk level, along with all the data and metadata produced by the security vendor. The severity level is noted and color-coded, allowing the team to prioritize vulnerabilities and remain on task. In this manner, the team can rapidly eliminate severe vulnerabilities and repair less severe ones en masse.

According to Pankevicius, customers of Atlassian will be able to “shift their security practices left into the planning rituals that they do every single day.” The company says this will relieve DevOps teams of the burden of prioritizing and fixing vulnerabilities before sending new software and features through the development lifecycle.

Vice President of engineering at fintech platform Derivative Path, Jake Colman, said, “Teams are already managing their work in Jira Software. The new security tab brings security to the forefront of our weekly sprints and planning cycles. My development teams no longer need to go into a separate security tool, they get everything they need right here in Jira Software.”

All Jira Software Cloud customers can now access the new security features for free by visiting the Security tab.