DEVOPSdigest

Sonatype released three integrations to automate DevSecOps practices for Atlassian customers.

The Nexus platform integrations will help Atlassian customers improve secure coding practices and enhance application security as organizations seek to innovate faster and build higher quality applications at scale.

To accelerate the delivery of new features and applications, developers are increasingly reliant on open source components. While eighty to ninety percent of a modern application is built from these open source software building blocks, 28% of developers acknowledge security breaches associated with the components they use. To help developers build safer applications faster, Sonatype is delivering three new Nexus platform integrations for Atlassian customers:

- Jira Software ticketing for Software Component Analysis (SCA) - The Nexus platform automatically creates Jira tickets that alert development teams when known security vulnerabilities, license risks, or architectural issues are found in open source software components being used in an application. Jira tickets are immediately put into daily development workflows for teams to triage with insight and remediation guidance.

- Bitbucket automated pull requests - The Nexus platform automatically informs developers of security or license risks within their open source dependencies and opens pull requests populated with recommended update and remediation paths. Bitbucket users can now remediate issues in seconds, armed with the world’s most robust intelligence around open source software components.

- Bitbucket Code Insights - The Nexus platform surfaces open source component security and license information relevant to a pull request. Developers using the Nexus platform integrated with Code Insights are notified when a change they make introduces risk, with contextual feedback for the individual branch they are working on, and the exact open source components that introduced the risk. This kind of information accelerates feedback loops for Bitbucket users that are critical to successful DevSecOps practices.

Sonatype’s new integrations work inside Bitbucket Cloud and Server.

“We’ve analyzed over 70 million open source software components to ensure developers have rapid, precise access to information about their quality and security,” says Brian Fox, co-founder and CTO of Sonatype. “The Atlassian integrations benefit from Sonatype’s deep, precise data. Not only is our database of vulnerable components 70% larger than other market alternatives, our data is curated to provide the most value and insight for the developers who need it.”

Sonatype is a member of the Atlassian Platform Partner Program, a collaboration that supports developer tooling -- other members include Jenkins, McAfee and Micro Focus.