Atlassian announces new DevSecOps capability for Jira to strengthen security prioritization

Atlassian announces new DevSecOps capability for Jira to strengthen security prioritization

Join top executives in San Francisco July 11-12 to hear how leaders are integrating and optimizing AI investments for success. Learn more

Collaborative software provider Atlassian today unveiled a game-changing feature for its renowned development issue tracking software, YES. The “Security in Jira” feature allows users to integrate popular security tools into the Security tab of Jira. With this feature, the company seeks to revolutionize the way organizations prioritize security by providing software teams with better visibility into critical security issues.

The company has partnered with other developer security companies: snyk, Repair, Lace, Stackhawks AND JFrog — to enable teams to address security issues more efficiently and earlier in the software development lifecycle. This collaborative effort aims to enable organizations to proactively address security challenges and improve overall software development processes.

“Our goal with Security in Jira is to make security a native part of agile planning rituals that are critical to great software teams. With the Security tab, we’re shifting security to the left by increasing transparency across tools and teams so Jira Software’s 100,000+ customers can now address vulnerabilities more easily and effectively,” said Suzie Prince, product lead for DevOps at Atlassian VentureBeat.

Atlassian believes that with popular security tools integrated into the Jira Software Security tab, development teams will be able to streamline their workflows and address vulnerabilities with greater agility.


Transform 2023

Join us in San Francisco July 11-12, where top executives will share how they integrated and optimized AI investments for success and avoided common pitfalls.

subscribe now

According to Prince, software teams should prioritize security as it is no longer limited to developers only.

“We want to make it easy for everyone on the software team to access and understand their product’s security posture,” Prince said. “Our new feature empowers teams to understand the importance of each vulnerability, so they can prioritize mission-critical solutions sooner and de-risk with each release. This also helps increase developer efficiency by minimizing ad hoc disruptions.”

Starting today, the new security features will be accessible to all Jira Software Cloud users.

The company told VentureBeat that users will have the ability to enable the security tab and easily integrate with their existing tools, allowing them to explore this robust integration.

Mitigating data breaches with new DevSecOps capabilities

Atlassian believes that protecting software has become a daunting task due to the dynamic nature of the development process and the proliferation of new technologies. Teams often struggle to comprehensively address each potential attack vector given the many vulnerabilities present in the code.

The company’s internal research has identified the emergence of powerful security tools, each specializing in a specific aspect of the software development process. Organizations use more security tools, averaging more than nine per company.

The company said this fragmented approach results in vulnerabilities scattered across various tools, leading to inefficiencies and a higher likelihood that development teams will make mistakes. Recognizing the need for a centralized solution, Atlassian introduced “Security in Jira” to bring together key security tools within Jira Software.

“Our goal is to simplify security management with Jira Software as the center of mission control. We want teams to use their favorite security tools, and we’ve intentionally partnered with vendors who provide services for every stage of the software development lifecycle, from code to runtime,” Atlassian’s Prince told VentureBeat. “Bringing insight into the security right in Jira Software, we’re streamlining security software rituals and minimizing context switching, so developers can spend less time clicking through apps and more time submitting high-quality, secure code.” .

Prince said the new feature pulls data from a company’s preferred security vendors to give a comprehensive view of the vulnerabilities impacting their product, from the code level to the runtime. These vulnerabilities are then automatically linked to Jira issues and incorporated into team sprints, allowing them to quickly address them with the necessary context.

“Until now, teams often needed to manually copy and paste vulnerability data from many tools into Jira Software to assess or write custom code to automatically funnel vulnerabilities into Jira Software. With Security in Jira, we’ve removed this hectic work from teams and enabled a more reliable and refined evaluation experience,” she explained.

Atlassian said users will also be able to filter and prioritize vulnerabilities based on severity, allowing them to group vulnerabilities accordingly. Additionally, users can set up automations to prioritize the most serious vulnerabilities. Once activated, Jira automation can generate a Jira issue and seamlessly add it to a team’s backlog or sprint board, automatically assigning a due date and owner.

“With Jira Software as the single source of truth, developers can address top-priority vulnerabilities faster and accelerate development speed while de-risking each release,” said Prince. “Our goal is to reduce complexity and friction and help developers understand the most critical vulnerabilities to address them quickly and sooner. The security tab in Jira automatically brings all vulnerabilities into one pane, so developers can prioritize the most pressing vulnerabilities in one place and be sure not to miss a thing.”

Made according to industrial safety requirements

In the private beta preview of the new feature for customers, the software teams were excited to eliminate the time-consuming task of manually copying and pasting vulnerabilities into issues in Jira Software, the company said.

It also noted that customers were thrilled with the increased vulnerability and security visibility for all members of the software team.

“They were pleased that Atlassian is taking a proactive and visible approach to integrating security into Jira Software, ensuring that security remains a top priority throughout the software development lifecycle,” Prince added. “With Security in Jira, we believe a team’s vulnerabilities will go directly to the backlog to improve and streamline sprint planning.”

He pointed out that while automations are key to accelerating development speed, their effectiveness relies on a well-maintained toolchain. Therefore, he advises teams to regularly synchronize the configuration between Jira Software and their security tools to consistently incorporate the latest vulnerabilities.

“To operationalize this practice, teams need to identify a toolchain manager to ensure they are connected and to maximize the effectiveness of their integrations,” Prince said. “One of the challenges of standalone security tools is that only developers have visibility. A best practice is to investigate vulnerabilities within Jira Software as a team to reduce silos and prioritize security throughout the software development lifecycle.”

VentureBeat’s mission it is to be a digital city square for technical decision makers to gain insights into transformative business technology and transactions. Discover our Briefings.