Smart teams use Atlassian and Sonatype to plan development work

June 05, 2020 By Kevin Miller


Jira Software from Atlassian is one of the most widely used software tools in the world, helping agile development teams plan projects and manage stories, epics, tasks, tickets, workflows, and backlogs.

Smart developers use the Sonatype Platform to automatically find and fix open source vulnerabilities in their projects. We enable companies all over the globe to manage policy violations, remediate vulnerabilities, and keep their code secure while building the highest quality applications.

We like to think we're better together. By using Sonatype Lifecycle integrated with Jira Software, companies can shift open source governance into daily ticketing workflows so teams can quickly assess risk and fix potential threats in their code. We wrote about this collaboration with Atlassian when we first launched our Jira integration in August of 2019.

So, how do they work together to help developers streamline work?

Imagine this scenario

You're having your morning coffee and reading tech news (because you don't already have enough technology in your day) and you come across an article about the latest breach reported involving a new form of software supply chain attack.

You cringe, hoping this doesn't impact you, but you have a gut feeling that your day just got hijacked. Great. You haven't even started your work day yet and already you know what's coming. Today's morning standup should be fun...

You settle into work and kick off the team meeting. You're waiting for the bad news to drop: someone took an early look and found that your application might be vulnerable, and it's going to take a bunch of time to research the problem and find a solution.

To your surprise, the team lead opens up the daily scrum and there is already a ticket in your Jira backlog about the new vulnerability, with all of the detail your team needs to understand the threat and, if available, advice on how to fix it.

But wait. What just happened? You mean you don't have to spend hours doing research, getting approvals and manually processing the issue? This is incredible. Not only did this just save time, but you know you can trust the recommendations based on the extensive research and precise data from Sonatype Intelligence.

The team decides it's a high priority and gets working on the fix before anyone else at the company is even at their desks. The pull request, which was automatically created along with the Jira ticket, is reviewed and merged for a new component version that doesn't contain any policy violations. Boom. Code secure for at least another day.

After a brief reflection and mini-celebration, it's time for coffee number two and then back to work on today's regularly scheduled projects.

What could your team accomplish with that kind of automation, speed, and insight?

Shifting security further left

Some teams would rather have this information even earlier in the development process so they don't have to log into Jira. Sonatype Lifecycle can provide the same level of detail and insight to developers directly in Bitbucket. Get detailed component intelligence to easily find and fix vulnerabilities with Automated Pull Requests and Code Insights for Bitbucket Server and Bitbucket Cloud.

Additional resources:

Learn more about all of our integrations with Atlassian throughout the SDLC to help you deliver higher quality applications faster.

Tags: JIRA, atlassian, AppSec, bitbucket, Product

Written by Kevin Miller

Kevin Miller is a Product Marketing Manager at Sonatype where he works to empower the development community to shift component choice and security left. He believes that putting the right tools and options in the hands of developers will help accelerate software innovation and minimize open source risk.