All teams involved in the software development process strive to minimize friction and move closely together as part of the development lifecycle, while following the workflows and processes that work best for them. Atlassian supports this in the form of the suite Open DevOpswhich empowers teams to use their favorite tools for their unique tasks and projects, while still collaborating on one central platform.
Atlassian has now taken another step on the way to even smoother collaboration between the teams involved and implemented new security-related features in Jira Software. They are designed to help organizations better prioritize security issues by giving development teams more visibility into the security aspects that should be addressed. Atlassian promises that security issues can be integrated into development much more efficiently and earlier.
The expanded scope of DevSecOps
Security issues are a top priority in companies large and small – and the security of the published solutions unleashed on customers is only the last link in the chain. According to Gartner, securing the software delivery pipeline is now just as important as securing the software being shipped. This development has catalysed the DevSecOps concept, which envisions building security into every single aspect of software development.
But securing software is not trivial. Whenever new technologies are implemented in the development process, new attack surfaces arise. In the modern software world, it is absolutely impossible for teams to consider every single security perspective. Organizations must face the inescapable reality that their code is vulnerable.
Many tools create more complexity
The new generation of security tools are being developed to address this problem. They bring automated security testing into every step of the development cycle. However, each of these tools focuses on a different part of the process, so that companies end up using a large number of security tools: Large software houses use an average of nine or more dedicated security tools.
The bottom line is that software teams have to dig through an enormous mass of potential vulnerabilities that have been identified in siled tools. And this procedure not only takes a lot of time, it is also error-prone. Without a centralized place to manage this information, important discoveries risk being lost in the general noise.
A new set of security features in Jira
Atlassian has recently partnered with several leading security vendors to integrate these popular tools into Jira. It refers to Snyk, Mend, Lacework, StackHawk and JFrog; further collaborations are planned.
With the Security tab in Jira, teams now have a centralized place to triage, prioritize, assign, and task-manage all vulnerabilities uncovered by security tools.
More context to address vulnerabilities earlier
This new section gives software teams more context and the ability to filter vulnerabilities and rate them by severity. This helps teams solve the right problems first to improve velocity while minimizing release risks.
Automatic creation of cases with security information
The new feature set includes the option for Jira to automatically create an issue enriched with security details for an identified critical vulnerability. In turn, lower-priority vulnerabilities can easily be incorporated into the team’s sprint planning. This helps developers stay focused by only allowing for ad hoc breaks when absolutely necessary, while supporting careful prioritization of security risks.
Integrate security into existing processes
And last but not least, the team always has an overview of which problems are currently being processed and what the status is. Thanks to Jira, security aspects can be integrated into the development team’s existing workflows, which significantly supports the DevSecOps implementation.
Jira makes it easy to embed security deeper into the existing development workflows – and this helps to make the entire process more secure, right through to the delivery of the customer solution. The new features are now available on all Jira Cloud plans.
Your partner for Atlassian software in the cloud
Atlassian will end support for its server products in February 2024. So use the remaining time and find out about moving to the cloud. Or, even better – simply try them out: with ours Cloud Migration Trial you can test the cloud and its advantages yourself and gain initial experience without affecting your existing production system.
Have you made your decision to go to the cloud and want to find out if your business is ready to make the switch? Then we recommend that you browse through our short cloud quiz to click – in just 11 questions it turns out whether and how “ready for migration” you are! It is also worth finding out more about data protection in the cloud before migrating. Together with that Privacy expert Thomas Rosin we have you here some information as well as a practical flight plan compiled with all steps.
Further information
Jira and Open DevOps: Unleash the potential of software teams with the best DevOps toolchains
Less stress and more planning thanks to Jira templates
Jira Product Discovery: pouring ideas into a structure
How Awesome Custom Fields for Jira helps with clear and visible communication