Be part of prime executives in San Francisco on July 11-12, to listen to how leaders are integrating and optimizing AI investments for fulfillment. Learn More
Collaborative software program supplier Atlassian at this time unveiled a groundbreaking function for its famend growth issue-tracking software program, Jira. The “Safety in Jira” function permits customers to combine common safety instruments in Jira’s Safety tab. With this function the corporate seeks to revolutionize how organizations prioritize safety by granting software program groups improved visibility into essential safety points.
The corporate has partnered with different developer safety firms — Snyk, Mend, Lacework, Stackhawk and JFrog — to empower groups to deal with safety considerations extra effectively and earlier within the software program growth lifecycle. This collaborative effort goals to allow organizations to deal with safety challenges proactively and improve their general software program growth processes.
“Our aim with Safety in Jira is to make safety a local a part of the agile planning rituals central to wonderful software program groups. With the Safety tab, we’re shifting safety left whereas growing transparency throughout instruments and groups so Jira Software program’s greater than 100,000 customers will now be capable to extra simply and successfully deal with vulnerabilities,” Suzie Prince, head of product for DevOps at Atlassian, instructed VentureBeat.
Atlassian believes that with common safety instruments built-in into Jira Software program’s Safety tab, growth groups will be capable to streamline their workflows and deal with vulnerabilities with higher agility.
Based on Prince, software program groups ought to prioritize safety as it’s now not restricted to builders alone.
“We wish to make it straightforward for anybody within the software program workforce to entry and perceive their product’s safety posture,” mentioned Prince. “Our new function permits groups to grasp the significance of every vulnerability, to allow them to prioritize mission-critical options sooner and scale back the danger of every launch. This additionally helps enhance developer effectivity by minimizing advert hoc interruptions.”
Beginning at this time, the brand new safety capabilities shall be accessible to all Jira Software program Cloud customers.
The corporate instructed VentureBeat that customers could have the choice to allow the safety tab and effortlessly combine their current instruments, permitting them to discover this strong integration.
Mitigating information breaches with new DevSecOps options
Atlassian believes securing software program has grow to be a frightening activity because of the dynamic nature of the event course of and the proliferation of latest applied sciences. Groups usually battle to comprehensively deal with every potential assault vector, given the quite a few vulnerabilities current within the code.
The corporate’s inner analysis recognized the emergence of highly effective safety instruments, every specializing in a particular facet of the software program growth course of. Organizations use a number of safety instruments, averaging over 9 per enterprise.
The corporate acknowledged that this fragmented method leads to vulnerabilities scattered throughout varied instruments, resulting in inefficiencies and an elevated probability of growth groups making errors. Recognizing the necessity for a centralized resolution, Atlassian launched “Safety in Jira” to deliver collectively main safety instruments inside Jira Software program.
“Our aim is to simplify safety administration with Jira Software program because the mission management middle. We wish groups to make use of their most popular safety instruments, and have deliberately partnered with distributors that present providers for every stage of the software program growth lifecycle — from code to runtime,” Atlassian’s Prince instructed VentureBeat. “By bringing safety insights straight into Jira Software program, we’re streamlining safety software program rituals and minimizing context switching, so builders can spend much less time clicking between apps and extra time delivery high-quality, safe code.”
Prince mentioned that the brand new function retrieves information from an organization’s most popular safety vendor(s) to supply a complete overview of vulnerabilities impacting their product, from the code stage to runtime. These vulnerabilities are then routinely linked to Jira points and integrated into the workforce’s sprints, enabling them to shortly deal with them with the mandatory context.
“Till at this time, groups usually wanted to manually copy and paste vulnerability information from many instruments into Jira Software program to triage or write customized code to funnel vulnerabilities routinely into Jira Software program. With Safety in Jira, we’ve got eliminated this busywork from groups and enabled a extra dependable and refined triaging expertise,” she defined.
Atlassian mentioned that customers will even be capable to filter and prioritize vulnerabilities based mostly on severity, permitting them to stack rank the vulnerabilities accordingly. Moreover, customers can arrange automations to prioritize essentially the most extreme vulnerabilities. As soon as activated, Jira automation can generate a Jira concern and seamlessly add it to a workforce’s backlog or dash board, routinely assigning a due date and proprietor.
“With Jira Software program as the only supply of reality, builders can deal with the highest-priority vulnerabilities sooner and speed up growth velocity whereas lowering the danger of every launch,” mentioned Prince. “Our aim is to cut back complexity and friction and assist builders perceive essentially the most essential vulnerabilities to deal with them shortly and earlier. The safety tab in Jira routinely brings all vulnerabilities into one single pane, so builders can prioritize essentially the most pressing vulnerabilities in a single place with the peace of mind that they aren’t lacking something.”
Crafted in line with industrial safety wants
In non-public beta preview of the brand new functionality for purchasers, software program groups have been smitten by eliminating the time-consuming activity of manually copying and pasting vulnerabilities into points in Jira Software program, the corporate mentioned.
It additionally famous that clients have been excited concerning the enhanced visibility of vulnerabilities and safety for all software program workforce members.
“They have been happy that Atlassian is taking a proactive and visual method to integrating safety inside Jira Software program, making certain that safety stays a prime precedence all through the software program growth lifecycle,” added Prince. “With Safety in Jira, we consider {that a} workforce’s vulnerabilities will go straight into their backlog to enhance and assist simplify their dash planning.”
She emphasised that whereas automations are essential in expediting growth velocity, their effectiveness depends on a well-maintained toolchain. Due to this fact, she recommends that groups ought to frequently synchronize the configuration between Jira Software program and their safety instruments to constantly incorporate the most recent vulnerabilities.
“To operationalize this observe, groups must determine a toolchain supervisor to make sure they’re related and to maximise the effectiveness of their integrations,” mentioned Prince. “One of many challenges of standalone safety instruments is that solely builders have visibility. A finest observe is to overview vulnerabilities inside Jira Software program as a workforce, to cut back silos and prioritize safety throughout all the software program growth lifecycle.”