

Atlassian Corp. today announced new security capabilities for Jira Software Cloud, the company’s project management and software issue tracking tool, aimed at assisting developers with their workflows by bringing security visibility directly under their control.
As part of the development lifecycle, developers and engineers spend a lot of time with different tools for coding, integration, testing, deployment and vulnerability detection. To keep up with the increasing speed of software development, tools have been created to automate security at each step of the continuous integration and delivery process.
This is all part of the DevOps mantra, which combines the efforts of development teams with operations into one collaborative cycle. That means that as tools discover vulnerabilities at any development or deployment stage, they can be flagged and sent to the appropriate team to be fixed and sent back into the workflow.
The problem, argued Andrew Pankevicius, Atlassian senior product manager, is that the growing number of tools created to address this problem has led to an increasingly fragmented security landscape for developers.
“Each of these tools focuses on a different part of the process, resulting in organizations using multiple security tools. Today, enterprises use nine (or more) security tools on average,” said Pankevicius. “As a result, software development teams have to sift through a tremendous volume of vulnerabilities recorded in siloed tools. It’s not just time-consuming, it’s error-prone.”
Atlassian partnered with security vendors to automatically pull vulnerability information directly into Jira so that developers and engineers do not need to switch out to different tools during their processes. With information from Snyk, Mend, Lacework, StackHawk and JFrog – with more to come – DevOps teams can be forewarned with trackable issues so that they can quickly understand what needs to be fixed and send it to the correct people to triage the problem in a centralized location.
The new Security tab allows software teams to understand the context and risk levels of each vulnerability, including all the information and metadata generated by the security vendor. This means that it includes a colorized and notated severity level, giving the team the ability to prioritize vulnerabilities and stay on task. That way the team can quickly burn down severe vulnerabilities and bulk-repair less severe vulnerabilities.
Pankevicius said that will allow Atlassian’s customers to “shift their security practices left into the planning rituals that they do every single day.” This will lift a burden off DevOps teams when it comes to staying ahead on prioritizing and fixing vulnerabilities before new software and features are sent further along in the development lifecycle, the company says.
“Teams are already managing their work in Jira Software,” said Jake Colman, vice president of engineering at fintech platform Derivative Path. “The new security tab brings security to the forefront of our weekly sprints and planning cycles. My development teams no longer need to go into a separate security tool, they get everything they need right here in Jira Software.”
The new security features are now available for all Jira Software Cloud customers via the Security tab for free.