Head over to our on-demand library to view sessions from VB Transform 2023. Register Here
Collaborative software provider Atlassian today unveiled a groundbreaking feature for its renowned development issue-tracking software, Jira. The “Security in Jira” feature allows users to integrate popular security tools in Jira’s Security tab. With this feature the company seeks to revolutionize how organizations prioritize security by granting software teams improved visibility into crucial security issues.
The company has partnered with other developer security companies — Snyk, Mend, Lacework, Stackhawk and JFrog — to empower teams to address security concerns more efficiently and earlier in the software development lifecycle. This collaborative effort aims to enable organizations to tackle security challenges proactively and enhance their overall software development processes.
“Our goal with Security in Jira is to make security a native part of the agile planning rituals central to excellent software teams. With the Security tab, we’re shifting security left while increasing transparency across tools and teams so Jira Software’s more than 100,000 customers will now be able to more easily and effectively address vulnerabilities,” Suzie Prince, head of product for DevOps at Atlassian, told VentureBeat.
Atlassian believes that with popular security tools integrated into Jira Software’s Security tab, development teams will be able to streamline their workflows and address vulnerabilities with greater agility.
VB Transform 2023 On-Demand
Did you miss a session from VB Transform 2023? Register to access the on-demand library for all of our featured sessions.
According to Prince, software teams should prioritize security as it is no longer limited to developers alone.
“We want to make it easy for anyone in the software team to access and understand their product’s security posture,” said Prince. “Our new feature allows teams to understand the importance of each vulnerability, so they can prioritize mission-critical solutions sooner and reduce the risk of each release. This also helps increase developer efficiency by minimizing ad hoc interruptions.”
Starting today, the new security capabilities will be accessible to all Jira Software Cloud users.
The company told VentureBeat that users will have the option to enable the security tab and effortlessly integrate their existing tools, allowing them to explore this robust integration.
Mitigating data breaches with new DevSecOps features
Atlassian believes securing software has become a daunting task due to the dynamic nature of the development process and the proliferation of new technologies. Teams often struggle to comprehensively address each potential attack vector, given the numerous vulnerabilities present in the code.
The company’s internal research identified the emergence of powerful security tools, each specializing in a specific aspect of the software development process. Organizations use multiple security tools, averaging over nine per enterprise.
The company stated that this fragmented approach results in vulnerabilities scattered across various tools, leading to inefficiencies and an increased likelihood of development teams making errors. Recognizing the need for a centralized solution, Atlassian introduced “Security in Jira” to bring together leading security tools within Jira Software.
“Our goal is to simplify security management with Jira Software as the mission control center. We want teams to use their preferred security tools, and have intentionally partnered with vendors that provide services for each stage of the software development lifecycle — from code to runtime,” Atlassian’s Prince told VentureBeat. “By bringing security insights directly into Jira Software, we’re streamlining security software rituals and minimizing context switching, so developers can spend less time clicking between apps and more time shipping high-quality, secure code.”
Prince said that the new feature retrieves data from a company’s preferred security vendor(s) to offer a comprehensive overview of vulnerabilities impacting their product, from the code level to runtime. These vulnerabilities are then automatically linked to Jira issues and incorporated into the team’s sprints, enabling them to quickly address them with the necessary context.
“Until today, teams often needed to manually copy and paste vulnerability data from many tools into Jira Software to triage or write custom code to funnel vulnerabilities automatically into Jira Software. With Security in Jira, we have removed this busywork from teams and enabled a more reliable and refined triaging experience,” she explained.
Atlassian said that users will also be able to filter and prioritize vulnerabilities based on severity, allowing them to stack rank the vulnerabilities accordingly. Furthermore, users can set up automations to prioritize the most severe vulnerabilities. Once activated, Jira automation can generate a Jira issue and seamlessly add it to a team’s backlog or sprint board, automatically assigning a due date and owner.
“With Jira Software as the single source of truth, developers can address the highest-priority vulnerabilities faster and accelerate development velocity while reducing the risk of each release,” said Prince. “Our goal is to reduce complexity and friction and help developers understand the most critical vulnerabilities to address them quickly and earlier. The security tab in Jira automatically brings all vulnerabilities into one single pane, so developers can prioritize the most urgent vulnerabilities in one place with the assurance that they aren’t missing anything.”
Crafted according to industrial security needs
In private beta preview of the new capability for customers, software teams were enthusiastic about eliminating the time-consuming task of manually copying and pasting vulnerabilities into issues in Jira Software, the company said.
It also noted that customers were excited about the enhanced visibility of vulnerabilities and security for all software team members.
“They were pleased that Atlassian is taking a proactive and visible approach to integrating security within Jira Software, ensuring that security remains a top priority throughout the software development lifecycle,” added Prince. “With Security in Jira, we believe that a team’s vulnerabilities will go directly into their backlog to improve and help simplify their sprint planning.”
She emphasized that while automations are crucial in expediting development velocity, their effectiveness relies on a well-maintained toolchain. Therefore, she recommends that teams should regularly synchronize the configuration between Jira Software and their security tools to consistently incorporate the latest vulnerabilities.
“To operationalize this practice, teams need to identify a toolchain manager to ensure they’re connected and to maximize the effectiveness of their integrations,” said Prince. “One of the challenges of standalone security tools is that only developers have visibility. A best practice is to review vulnerabilities within Jira Software as a team, to reduce silos and prioritize security across the entire software development lifecycle.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.