5-second summary
- Over the last 20 years, Atlassian has shaped Agile and DevOps software team rituals – driving software development from NASA to Deutsche Bank to Kiva. Today, Jira is the number one tool for agile teams.
- Today, we’re expanding the scope of Jira to make security a native part of the agile planning rituals that are central to excellent software teams.
- Atlassian empowers great software teams to use the best tools for the job by integrating with popular third-party tools natively, making a diverse toolchain feel like an all-in-one.
Atlassian’s mission is to unleash the potential of every team. For teams involved in building software – engineering, security, operations, and “the business” – that starts by reducing friction and bringing them closer together throughout the software development lifecycle. Atlassian enables this through its Open DevOps framework, allowing teams to use the best tools for the job while giving people the experience and control of being on a single platform.
Today, we’re introducing new security capabilities in Jira, designed to help organizations better prioritize security by ensuring software teams have visibility into the security issues that need to be addressed. Along with our partners Snyk, Mend, Lacework, StackHawk, and JFrog, we’re excited to empower teams to address security issues more effectively and earlier.
The expanding scope of DevSecOps
Companies big and small have been in the news for security issues recently. According to Gartner®, “Securing the software delivery pipeline is as important as securing the software that is delivered.” [1] This has put security top of mind for organizations and fueled the adoption of DevSecOps – a practice that builds security into every aspect of software development.
But securing software is not easy. As new technologies become part of the development process, each presents a new opportunity for attack. It is now virtually impossible for teams to consider every angle of security when building software, leaving organizations to manage the inevitable reality of vulnerabilities in their code.
Too many tools
Powerful security tools have been developed to address this problem, bringing automated security testing to each step in the software development lifecycle. But each of these tools focuses on a different part of the process, resulting in organizations using multiple security tools. Today, enterprises use nine (or more) security tools on average. [2]
As a result, software development teams have to sift through a tremendous volume of vulnerabilities recorded in siloed tools. It’s not just time-consuming, it’s error-prone. Without a centralized location to manage them, important vulnerabilities can get lost in the noise.
Jira to the rescue
We’ve partnered with leading security vendors Snyk, Mend, Lacework, StackHawk, and JFrog (with more to come) to integrate their popular tools into Security in Jira. Now, within the Security tab in Jira, teams have a centralized location to triage all the vulnerabilities spotted across their security tools and easily prioritize, assign, and manage tasks for development teams.
Get more context so you can address vulnerabilities earlier
The new Security tab provides software teams more context with the ability to filter and stack rank vulnerabilities by severity level. This helps software teams address the right vulnerabilities first to further accelerate development velocity and reduce the risk of each release.
Automatically create a Jira issue populated with security details
You can set Jira to automatically create an issue populated with security details for identified critical vulnerabilities and easily bring lower-priority vulnerabilities into sprint planning. This helps developers stay focused by minimizing ad hoc interruptions and also encourages intentional and thoughtful prioritization of security vulnerabilities.
Teams are already managing their work in Jira. The new security tab brings security to the forefront of our weekly sprints and planning cycles. My development teams no longer need to go into a separate security tool; they get everything they need right here in Jira.
– Jake Colman, VP of Engineering, Derivative Path
Bring security triaging into your existing rituals
Teams can finally see which vulnerabilities are being addressed and their status in one view. Security can become part of developers’ existing workflow and make a DevSecOps implementation manageable.
Security in Jira integration is the ultimate dream for me – a single source of truth for teams to work from.
– Tom Austin, DevOps and Tooling Engineer, Motability Operations
Ready to release faster and safer?
Jira makes it easy to bring security further into your existing development rituals. Atlassian is dedicated to helping teams unleash their full potential and we’re excited to see our customers move faster and deliver more value to their own customers with the assurance that they’re deploying secure features and products. Try the new security features in Jira today by enabling the security tab and integrating your tools – free to all Jira users!
1. Gartner, How to Select DevSecOps Tools for Secure Software Delivery, Manjunath Bhat, Mark Horvath, Dale Gardner, 16 January 2023
2. State of Open Source Security 2022, Snyk and The Linux Foundation, 2022 (pg. 29)
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the US and internationally and is used herein with permission. All rights reserved.