Smart Teams Use Atlassian and Sontaype to Plan Development Work

Jira software from Atlassian is one of the most widely used software in the world, helping agile development teams plan projects and manage stories, epics, tasks, tickets, workflows and backlogs.

Smart developers use Sonatype’s Nexus Platform to automatically find and fix open source vulnerabilities in their projects. We enable companies all over the globe to manage policy violations, remediate vulnerabilities, and keep their code secure while building the highest quality applications.

We like to think we’re better together. By using Nexus Lifecycle integrated with Jira Software, companies can shift open source governance into daily ticketing workflows so teams can quickly assess risk and fix potential threats in their code. We wrote about this collaboration with Atlassian when we first launched our Jira integration in August of 2019.

So, how do they work together to help developers streamline work?

Imagine This Scenario

You’re having your morning coffee and reading tech news (because you don’t already have enough technology in your day) and you come across an article about the latest breach reported involving a new form of software supply chain attack.

You cringe hoping this doesn’t impact you but you have a gut feeling that your day just got hijacked. Great. You haven’t even started your work day yet and already you know what’s coming. Today’s morning standup should be fun…

You settle into work and kick off the team meeting. You’re waiting for the bad news to drop that someone took an early look and found that your application might be vulnerable but it’s going to take a bunch of time to research the problem and find a solution.

To your surprise, the team lead opens up the daily scrum and already in your Jira backlog is a ticket about the new vulnerability with all of the detail your (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Kevin Miller. Read the original post at: