The need for open source governance throughout the development lifecycle has never been greater. And yet, at the same time, the modern developer has never been under more pressure to move faster and release quickly - making adherence to open source policies harder than ever.
In fact, according to our 2018 DevSecOps Community survey, nearly half of all developers know that application governance is important, but don’t have time to spend on it. We also saw that 77% of mature DevOps organizations have open source policies in place, with a 76% adherence rate. Conversely, only 58% of respondents without mature DevOps practices had a policy with a 54% adherence rate -- revealing that not only is automated governance difficult to ignore, but that without automation, it may not happen at all.
That’s exactly why we’re excited to announce our Nexus Notifier Plugin for Jenkins now has initial support for Bitbucket Code Insights. The integration, built by our community team, brings the automated policy engine of Nexus Lifecycle directly to Bitbucket developers who can use policy results to drive Pull Request discussion. For Bitbucket Server users who also use Lifecycle and Jenkins, the integration makes it easy to push organizational policy evaluation results directly into Code Insights. This enables developers to immediately see how their chosen components line-up against their company’s chosen policies.
Providing in-depth information at the pull-request level, prevents hours of re-work and ultimately, gives developers more control over the components they’re able to use - within the given policy. With all of the information available directly within Bitbucket, developers can make smart decisions quickly, and immediately rectify any policy violations that come up.
Within the Bitbucket environment, when the build runs, developers can easily see code insights and immediately identify policy violations as severe, critical, or moderate.
From there, developers can drill down into the exact violations, via a Nexus Lifecycle dashboard, and make appropriate changes.
This integration allows more developers to get important information early, and act fast, to remediate potential issues. We’re excited to work with Atlassian to share these capabilities and continue shifting the security and governance conversation left.