Leading productivity software company, Atlassian has announced the roll-out of new security capabilities in Jira Software Cloud, the company’s renowned project development and issue-tracking tool. The announcement was reported by siliconANGLE.
‘Security in Jira’ is tied to the company’s effort to help organisations grant DevOps teams enhanced visibility into critical security flaws that need to be mitigated. That said, software development is a highly convoluted process that requires developers to rely on multiple security systems to automate security throughout the development or deployment stages.
These automated tools help developers flag vulnerabilities at each step of the process in continuous integration and delivery and send them to the designated team to address and feed back into the required workflow. However, the incorporation of an increasing number of security automation tools during the software development lifecycle leads to an increasingly fragmented security landscape that makes the process arduous.
‘Each of these tools focuses on a different part of the process, resulting in organizations using multiple security tools,’ explained Andrew Pankevicius, Atlassian senior product manager. “Today, enterprises use nine (or more) security tools on average. As a result, software development teams have to sift through a tremendous volume of vulnerabilities recorded in siloed tools. It’s not just time-consuming, it’s error-prone.”
With the newly introduced free DevSecOps workflow option, Atlassian is committed to enabling Jira Software Cloud users to exert more control on their security landscape from within a single platform. In the first release, Security in Jira is capable of tying in security vulnerability management systems from five partners: Mend.io application security testing, Snyk code scanning, StackHawk application and API security, Lacework’s cloud-native application protection platform, and JFrog DevOps system for hosting, managing, and distributing binaries and artefacts.
The tech behemoth has confirmed its collaboration with more companies for future releases. Data from the partner tools fed into the Jira system is expected to help DevSecOps teams efficiently filter and prioritise security flaws through their current workflows. The integrations are enabled through the Atlassian Open DevOps framework. Security in Jira is meant to automatically create and connect Jira issues to security vulnerabilities and populate those issues with security details or task-associated teams.
Atlassian’s Open DevOps add-in allows users to tie in third-party tools together through deployments and release tabs. Now, with Security in Jira, vulnerability data from partner tools can be pulled and pre-integrated into a separate security tab in the Jira interface without requiring users to go through any custom work.
‘This is expanding the scope of Jira Software to bring security into that native experience, to make it a native part of Agile planning for software development teams,’ said Suzie Prince, head of product for DevOps at Atlassian. ‘If they’re using one or more [partner tools], it will merge those vulnerabilities to provide a holistic view of all of the vulnerabilities that impact a particular project…either at the code level or [in] issues that might appear at runtime as well.’
That said, Atlassian products are aimed at helping teams bolster their productivity to drive business agility. However, for an organistaion using the Atlassian stack for its agility, collaboration, and project management, leveraging a managed service provider (MSP) like Automation Consultants is a sensible business investment.
With a high-quality MSP, teams can keep their Atlassian systems functioning at their best while slashing the total cost of ownership (TCO) and minimising the risk of downtime. Security in Jira has been brought to Jira software amid the company’s wider security push. At its Team23 event in April, the tech giant declared its plans to roll out Beacon (currently in beta), Atlassian’s own tool for detecting, analysing and responding to risky user activity across Atlassian cloud products.
Sohela is an electrical engineer and a self-professed writer with a keen interest in all things tech. When she’s not writing killer content pieces, you’ll find her enjoying tempting foods in her favourite restaurants.