Continuously Improve CI/CD with Nexus Lifecycle and Bitbucket Code Insights

Over the last few weeks we’ve been highlighting our integrations with Atlassian that bring open source governance insights right into your favorite Atlassian tools. We have integrations for planning and building applications. We wanted to save our newest integration into developer tooling for last: Bitbucket Code Insights.

According to Atlassian, “Code Insights in Bitbucket Cloud lets you bring the best DevOps scanning, testing and analysis tools into your code review process.”

Using Nexus Lifecycle and Bitbucket Server or Cloud, developers get better code reviews, with open source component security and license information brought right into their pull requests. Developers can see all of the details needed to remediate any policy issues on their branch and fix violations quickly. They can even drill down to the specific line(s) of code that introduced the violation, with instructions on how to fix it. No need to switch applications. No need to slow down the process. No need to fail builds, or come back to this a week later because of a report from security. This kind of information accelerates the feedback loops that are critical to successful DevSecOps practices for Bitbucket users.

As a developer, you can:

  1. Choose the highest quality components from the start.
  2. Find out instantly if code you just committed contains risk.
  3. Fix those issues in a few clicks.
  4. Commit your changes and move on to the next task.

Check out this video to see how our integrations with Jira Software, Bamboo, and Bitbucket work holistically to keep your application secure at every stage in the SDLC.

Want a more in-depth look at all of our integrations with Atlassian? Learn more about how we help development organizations deliver higher quality applications faster.

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Kevin Miller. Read the original post at: