Atlassian unveils new DevSecOps feature in Jira to bolster security prioritization

Collaborative software program supplier Atlassian at this time unveiled a groundbreaking feature for its famend improvement issue-tracking software program, Jira. The “Security in Jira” feature permits customers to combine in style security instruments in Jira’s Security tab. With this feature the corporate seeks to revolutionize how organizations prioritize security by granting software program groups improved visibility into essential security points.

The firm has partnered with different developer security firms — Snyk, Mend, Lacework, Stackhawk and JFrog — to empower groups to deal with security considerations extra effectively and earlier in the software program improvement lifecycle. This collaborative effort goals to allow organizations to deal with security challenges proactively and improve their general software program improvement processes.

“Our goal with Security in Jira is to make security a native part of the agile planning rituals central to excellent software teams. With the Security tab, we’re shifting security left while increasing transparency across tools and teams so Jira Software’s more than 100,000 users will now be able to more easily and effectively address vulnerabilities,” Suzie Prince, head of product for DevOps at Atlassian, instructed VentureBeat.

Atlassian believes that with in style security instruments built-in into Jira Software’s Security tab, improvement groups will likely be ready to streamline their workflows and deal with vulnerabilities with higher agility.

According to Prince, software program groups ought to prioritize security as it’s now not restricted to builders alone.

“We want to make it easy for anyone in the software team to access and understand their product’s security posture,” mentioned Prince. “Our new feature allows teams to understand the importance of each vulnerability, so they can prioritize mission-critical solutions sooner and reduce the risk of each release. This also helps increase developer efficiency by minimizing ad hoc interruptions.”

Starting at this time, the new security capabilities will likely be accessible to all Jira Software Cloud customers.

The firm instructed VentureBeat that customers could have the choice to allow the security tab and effortlessly combine their present instruments, permitting them to discover this sturdy integration.

Mitigating knowledge breaches with new DevSecOps options

Atlassian believes securing software program has turn out to be a frightening activity due to the dynamic nature of the event course of and the proliferation of new applied sciences. Teams typically wrestle to comprehensively deal with every potential assault vector, given the quite a few vulnerabilities current in the code.

The firm’s inside analysis recognized the emergence of highly effective security instruments, every specializing in a particular facet of the software program improvement course of. Organizations use a number of security instruments, averaging over 9 per enterprise.

The firm said that this fragmented strategy outcomes in vulnerabilities scattered throughout varied instruments, main to inefficiencies and an elevated chance of improvement groups making errors. Recognizing the necessity for a centralized resolution, Atlassian launched “Security in Jira” to convey collectively main security instruments inside Jira Software.

“Our goal is to simplify security management with Jira Software as the mission control center. We want teams to use their preferred security tools, and have intentionally partnered with vendors that provide services for each stage of the software development lifecycle — from code to runtime,” Atlassian’s Prince instructed VentureBeat. “By bringing security insights directly into Jira Software, we’re streamlining security software rituals and minimizing context switching, so developers can spend less time clicking between apps and more time shipping high-quality, secure code.”

Prince mentioned that the new feature retrieves knowledge from an organization’s most popular security vendor(s) to provide a complete overview of vulnerabilities impacting their product, from the code stage to runtime. These vulnerabilities are then mechanically linked to Jira points and integrated into the crew’s sprints, enabling them to rapidly deal with them with the mandatory context.

“Until today, teams often needed to manually copy and paste vulnerability data from many tools into Jira Software to triage or write custom code to funnel vulnerabilities automatically into Jira Software. With Security in Jira, we have removed this busywork from teams and enabled a more reliable and refined triaging experience,” she defined.

Atlassian mentioned that customers can even have the option to filter and prioritize vulnerabilities based mostly on severity, permitting them to stack rank the vulnerabilities accordingly. Furthermore, customers can arrange automations to prioritize probably the most extreme vulnerabilities. Once activated, Jira automation can generate a Jira subject and seamlessly add it to a crew’s backlog or dash board, mechanically assigning a due date and proprietor.

“With Jira Software as the single source of truth, developers can address the highest-priority vulnerabilities faster and accelerate development velocity while reducing the risk of each release,” mentioned Prince. “Our goal is to reduce complexity and friction and help developers understand the most critical vulnerabilities to address them quickly and earlier. The security tab in Jira automatically brings all vulnerabilities into one single pane, so developers can prioritize the most urgent vulnerabilities in one place with the assurance that they aren’t missing anything.”

Crafted in accordance to industrial security wants 

In personal beta preview of the new functionality for patrons, software program groups have been captivated with eliminating the time-consuming activity of manually copying and pasting vulnerabilities into points in Jira Software, the corporate mentioned.

It additionally famous that clients have been excited in regards to the enhanced visibility of vulnerabilities and security for all software program crew members.

“They were pleased that Atlassian is taking a proactive and visible approach to integrating security within Jira Software, ensuring that security remains a top priority throughout the software development lifecycle,” added Prince. “With Security in Jira, we believe that a team’s vulnerabilities will go directly into their backlog to improve and help simplify their sprint planning.”

She emphasised that whereas automations are essential in expediting improvement velocity, their effectiveness depends on a well-maintained toolchain. Therefore, she recommends that groups ought to frequently synchronize the configuration between Jira Software and their security instruments to persistently incorporate the newest vulnerabilities.

“To operationalize this practice, teams need to identify a toolchain manager to ensure they’re connected and to maximize the effectiveness of their integrations,” mentioned Prince. “One of the challenges of standalone security tools is that only developers have visibility. A best practice is to review vulnerabilities within Jira Software as a team, to reduce silos and prioritize security across the entire software development lifecycle.”

VentureBeat’s mission is to be a digital city sq. for technical decision-makers to achieve data about transformative enterprise know-how and transact. Discover our Briefings.