Security Features in Jira: Security Throughout the Development Lifecycle


As part of the development lifecycle, all teams involved in the software development process strive to minimize friction and work closely together according to the workflows and processes that work best for them. Atlassian supports this through its Open DevOps suite, enabling teams to use their preferred tools for their unique tasks and projects while collaborating on a centralized platform.

Earlier this year, Atlassian took another step toward even smoother collaboration between teams by implementing new security-related features in Jira Software. These features are designed to help organizations better prioritize security issues by giving development teams more visibility into the security aspects that should be addressed. Atlassian promises that this will allow security tasks to be integrated much more efficiently and earlier in the development process.

The expanded scope of DevSecOps

In small and large enterprises, security issues are a top priority - securing the released solutions before they are provided to customers is only the last link in the chain. According to Gartner, securing the software delivery pipeline is now as important as securing the shipped software. This development has helped the DevSecOps concept take off, which envisions security being incorporated into every aspect of software development.

But securing software is not easy. Potential attacks emerge whenever new technologies are implemented in the development process, and in the modern software world, teams can't realistically consider every security angle. Companies must face the inescapable reality that their code is vulnerable.

Many tools create more complexity

To address this problem, a new generation of security tools is being developed that brings automated security testing into every step of the development cycle. But each of these tools focuses on a different part of the process. The bottom line is that companies use numerous security tools - large software houses use an average of nine or more dedicated security tools.

The result is that software teams have to dig through an enormous mass of potential vulnerabilities recorded in isolated tools. This approach not only takes a lot of time, but it's also error-prone. Without a centralized place to manage this information, there is a risk that important findings will be lost in the general noise.

A new set of security features in Jira

Atlassian has partnered with several leading security vendors to integrate these popular tools into Jira. These are Snyk, Mend, Lacework, StackHawk and JFrog. More collaborations are planned.


Jira Security Integrations

The Security tab in Jira now opens up a centralized space for teams to triage, prioritize, assign, and manage all vulnerabilities uncovered by security tools in the form of tasks.

More context to address vulnerabilities sooner

This new section provides software teams with more context and the ability to filter vulnerabilities and score them by severity. This helps teams address the correct issues first to improve efficiency while minimizing release risks.


Automatic creation of tasks with security information

The new feature set includes the option for Jira to automatically create a task enriched with security details for an identified critical vulnerability. In turn, lower-priority vulnerabilities can be easily integrated into the team's sprint planning. This helps developers stay focused by limiting ad hoc interruptions to urgent issues while supporting careful prioritization of security risks.


Integrate security into existing processes

And last but not least, the team now has an overview of which issues are currently being worked on and their status. So, thanks to Jira, security aspects can be integrated into the existing workflows of the development team, which significantly supports the DevSecOps implementation.

Jira makes it easy to bring the security topic deeper into the existing development workflows. This helps make the overall process more secure - all the way to the delivery of the customer solution. The new features are now available in all Jira Cloud plans.

Your partner for Atlassian software in the Cloud

Atlassian is discontinuing support for its server products in February 2024. So use the remaining time to find out about moving to the Cloud. Or, even better - try it out: With our free Cloud Migration Trial, you can test the Cloud and its benefits and gain initial experience without affecting your existing production system.

Your partner for Atlassian products

Do you have questions about deployment options for Atlassian products? We would be happy to help you objectively check what you need: As an Atlassian Platinum Solution Partner with experience from thousands of Atlassian projects, we can advise you on the evaluation of an optimal licensing and operating model for you and will be happy to help you migrate your existing systems. Get in touch with us!


Further Reading

Forget Less and Ensure Quality with didit Checklists for Atlassian Cloud