Atlassian has been catering to the needs of developers for years with its Jira Software platform, but it has been missing some security capabilities that organizations need. It's a situation that Atlassian is now fixing.
On June 6, Atlassian announced new security capabilities in the Jira Software Cloud to help enable DevSecOps. Jira is widely used by organizations as part of the DevOps lifecycle for building and tracking application development. A critical component of modern DevOps is the integration of security — enabling DevSecOps for security analysis, vulnerability tracking, and remediation of potential vulnerabilities. Many organizations use a separate set of tooling for security, which often isn't directly integrated with Jira. However, that's now changing.
Atlassian is partnering with a series of security vendors — including Snyk, Mend, Lacework, StackHawk, and JFrog, with more to follow — whose tools can now be tightly integrated with Jira. As a result, teams now have a centralized hub within Jira Software's Security tab to efficiently handle and prioritize vulnerabilities identified across their security tools.
"Until now, teams often needed to manually copy and paste vulnerability data from many tools into Jira Software to triage, or write custom code to funnel vulnerabilities automatically into Jira Software," Andrew Pankevicius, Atlassian's senior product manager of Jira Software DevOps, told ITPro Today. "With security in Jira Software, we have removed this busywork from teams and enabled a more reliable and refined triaging experience."
Enabling DevSecOps with Atlassian Jira as a 'Mission Control' Center
Atlassian's goal is to simplify security management, with Jira Software as the mission control center for DevSecOps, according to Pankevicius.
"We want teams to use their preferred security tools, so we have intentionally partnered with vendors that provide services for each stage of the software development lifecycle — from code to runtime," he said.
The goal of bringing security insights directly into Jira Software is to minimize context switching, so developers can spend less time clicking between apps and more time shipping secure code, Pankevicius said. The integrations also enable developers to address more quickly the highest priority vulnerabilities and accelerate development velocity, while reducing the risk of each release.
How Security in Jira Works to Accelerate DevSecOps
With security in Jira, vulnerabilities from the security partner tools are automatically pulled into Jira Software.
The automations for the security tool integrations can be set to prioritize the most severe vulnerabilities first. Once activated, Jira automation can create a Jira issue and log it into a team's backlog or sprint board, automatically assigning a due date and owner.
Atlassian's new security vendor tool integration with Jira Software isn't the only security effort currently underway at the company. At its Team23 event in April, Atlassian announced it was working on its own security tool, code-named Beacon. The Beacon technology is an attempt to help organizations better secure ITSM and DevOps data. Beacon is currently in a closed beta and not yet publicly available.
About the author
Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He consults to industry and media organizations on technology issues.
