Atlassian has determined that its Jira issue-tracker wants yet one more class of difficulty to trace: safety flaws.
Suzie Prince, Atlassian’s head of product for DevOps, instructed The Register builders use a number of instruments throughout their days, which makes speaking safety points arduous. It might additionally imply fixing them does not make it into workflows that contact all stakeholders in a software program mission, she added. Wider visibility issues, Prince argues, as a result of when safety points fester in ops or infosec silos, it is arduous to know what fixes to prioritize, and why.
Atlassian’s reply is to faucet data feeds from Snyk, Mend, Lacework, StackHawk, and JFrog, load them into a brand new “Safety” tab in Jira, the place security-related points could be considered by all stakeholders and automatic workflows route work to the appropriate individuals. Atlassian parses severity scores to assist customers prioritize.
Prince stated Atlassian noticed prospects attempt to construct this form of factor themselves, so the corporate productized it.
The Register requested Prince if there is a draw back to extensive visibility of flaws. We supplied a situation by which a product supervisor who works with builders reads information of a colossal flaw – one thing alongside the order of significance of the Log4Shell vulnerability within the ubiquitous Apache Log4j logging library – and makes use of their capability to see that in a Jira queue to order a repair with out understanding that different issues might be extra necessary.
“Being knee jerk is what product managers do,” she admitted, earlier than occurring to argue that having a single place to handle the flaw-fixing workflow means you get an opportunity to have a dialog about what fixes are on the high of a to-do checklist, and why, maybe main a nervous non-techie to again down gracefully.
The brand new safety performance is baked into Jira Software program Cloud, accessible to all customers right this moment and is roofed by present licenses. Atlassian will add integrations to extra safety distributors however couldn’t title names or provide a timeline for his or her inclusion. ®