Be part of prime executives in San Francisco on July 11-12, to listen to how leaders are integrating and optimizing AI investments for fulfillment. Study Extra
Collaborative software program supplier Atlassian at this time unveiled a groundbreaking function for its famend improvement issue-tracking software program, Jira. The “Safety in Jira” function permits customers to combine in style safety instruments in Jira’s Safety tab. With this function the corporate seeks to revolutionize how organizations prioritize safety by granting software program groups improved visibility into essential safety points.
The corporate has partnered with different developer safety firms — Snyk, Mend, Lacework, Stackhawk and JFrog — to empower groups to deal with safety considerations extra effectively and earlier within the software program improvement lifecycle. This collaborative effort goals to allow organizations to deal with safety challenges proactively and improve their general software program improvement processes.
“Our aim with Safety in Jira is to make safety a local a part of the agile planning rituals central to wonderful software program groups. With the Safety tab, we’re shifting safety left whereas growing transparency throughout instruments and groups so Jira Software program’s greater than 100,000 customers will now be capable of extra simply and successfully handle vulnerabilities,” Suzie Prince, head of product for DevOps at Atlassian, informed VentureBeat.
Atlassian believes that with in style safety instruments built-in into Jira Software program’s Safety tab, improvement groups will be capable of streamline their workflows and handle vulnerabilities with better agility.
Occasion
Remodel 2023
Be part of us in San Francisco on July 11-12, the place prime executives will share how they’ve built-in and optimized AI investments for fulfillment and averted widespread pitfalls.
Register Now
In accordance with Prince, software program groups ought to prioritize safety as it’s now not restricted to builders alone.
“We need to make it simple for anybody within the software program staff to entry and perceive their product’s safety posture,” stated Prince. “Our new function permits groups to grasp the significance of every vulnerability, to allow them to prioritize mission-critical options sooner and scale back the chance of every launch. This additionally helps improve developer effectivity by minimizing advert hoc interruptions.”
Beginning at this time, the brand new safety capabilities might be accessible to all Jira Software program Cloud customers.
The corporate informed VentureBeat that customers could have the choice to allow the safety tab and effortlessly combine their present instruments, permitting them to discover this strong integration.
Mitigating information breaches with new DevSecOps options
Atlassian believes securing software program has change into a frightening activity because of the dynamic nature of the event course of and the proliferation of latest applied sciences. Groups usually wrestle to comprehensively handle every potential assault vector, given the quite a few vulnerabilities current within the code.
The corporate’s inside analysis recognized the emergence of highly effective safety instruments, every specializing in a selected side of the software program improvement course of. Organizations use a number of safety instruments, averaging over 9 per enterprise.
The corporate acknowledged that this fragmented strategy ends in vulnerabilities scattered throughout varied instruments, resulting in inefficiencies and an elevated chance of improvement groups making errors. Recognizing the necessity for a centralized answer, Atlassian launched “Safety in Jira” to carry collectively main safety instruments inside Jira Software program.
“Our aim is to simplify safety administration with Jira Software program because the mission management middle. We would like groups to make use of their most popular safety instruments, and have deliberately partnered with distributors that present companies for every stage of the software program improvement lifecycle — from code to runtime,” Atlassian’s Prince informed VentureBeat. “By bringing safety insights straight into Jira Software program, we’re streamlining safety software program rituals and minimizing context switching, so builders can spend much less time clicking between apps and extra time delivery high-quality, safe code.”
Prince stated that the brand new function retrieves information from an organization’s most popular safety vendor(s) to supply a complete overview of vulnerabilities impacting their product, from the code degree to runtime. These vulnerabilities are then robotically linked to Jira points and integrated into the staff’s sprints, enabling them to shortly handle them with the required context.
“Till at this time, groups usually wanted to manually copy and paste vulnerability information from many instruments into Jira Software program to triage or write customized code to funnel vulnerabilities robotically into Jira Software program. With Safety in Jira, now we have eliminated this busywork from groups and enabled a extra dependable and refined triaging expertise,” she defined.
Atlassian stated that customers can even be capable of filter and prioritize vulnerabilities based mostly on severity, permitting them to stack rank the vulnerabilities accordingly. Moreover, customers can arrange automations to prioritize probably the most extreme vulnerabilities. As soon as activated, Jira automation can generate a Jira problem and seamlessly add it to a staff’s backlog or dash board, robotically assigning a due date and proprietor.
“With Jira Software program as the one supply of reality, builders can handle the highest-priority vulnerabilities quicker and speed up improvement velocity whereas lowering the chance of every launch,” stated Prince. “Our aim is to scale back complexity and friction and assist builders perceive probably the most important vulnerabilities to deal with them shortly and earlier. The safety tab in Jira robotically brings all vulnerabilities into one single pane, so builders can prioritize probably the most pressing vulnerabilities in a single place with the peace of mind that they aren’t lacking something.”
Crafted in response to industrial safety wants
In personal beta preview of the brand new functionality for patrons, software program groups had been passionate about eliminating the time-consuming activity of manually copying and pasting vulnerabilities into points in Jira Software program, the corporate stated.
It additionally famous that prospects had been excited concerning the enhanced visibility of vulnerabilities and safety for all software program staff members.
“They had been happy that Atlassian is taking a proactive and visual strategy to integrating safety inside Jira Software program, making certain that safety stays a prime precedence all through the software program improvement lifecycle,” added Prince. “With Safety in Jira, we imagine {that a} staff’s vulnerabilities will go straight into their backlog to enhance and assist simplify their dash planning.”
She emphasised that whereas automations are essential in expediting improvement velocity, their effectiveness depends on a well-maintained toolchain. Subsequently, she recommends that groups ought to recurrently synchronize the configuration between Jira Software program and their safety instruments to constantly incorporate the newest vulnerabilities.
“To operationalize this follow, groups must determine a toolchain supervisor to make sure they’re linked and to maximise the effectiveness of their integrations,” stated Prince. “One of many challenges of standalone safety instruments is that solely builders have visibility. A finest follow is to evaluate vulnerabilities inside Jira Software program as a staff, to scale back silos and prioritize safety throughout the complete software program improvement lifecycle.”