(Special thanks to our advisor Ram Kumar for his contributions to making this integration, and this blog, possible!)
One of the biggest challenges facing our digital economy is the security and stability of our applications. But with many engineering teams now focused on developing complex and distributed microservice applications, it’s becoming increasingly difficult for developers and application security teams to address the various risks associated with modern development. Regardless, protecting applications against security and compliance risks remains an essential objective for the successful digital transformation and modernization of an enterprise.
When engineering teams start to shift the responsibility of application security “left,” the process of organizing and triaging alerts is a critical aspect of quickly delivering secure code at scale. By finding issues before shipping to production, developers can avoid the delays associated with context-switching and circumvent having to triage and resolve issues in previous releases, whilst adhering to the timeline of the existing sprint. This is a primary driver behind the adoption of DevSecOps.
DeepFactor is a cloud native application security platform purpose-built for DevSecOps.
The unified application security platform enables developers to quickly discover and resolve security vulnerabilities, supply chain risks and compliance issues during development. By integrating artifact scanning and runtime visibility to observe telemetry and detect anomalies, DeepFactor provides developers with a prioritized and actionable list of contextual security risks. DeepFactor’s language-agnostic library plugs into cloud native apps and Kubernetes to observe every thread, process, container, and pod without requiring intrusive agents or privileged sidecars.
However, although application security tools should undoubtedly focus on helping engineering teams discover security risks and vulnerabilities, it’s just as important for those same developer tools to be seamlessly integrated into the CI/CD pipeline. This is particularly true for project and team management platforms—such as Jira by Atlassian—which have become a cornerstone of modern development practices. Ensuring developers are armed with the information necessary to triage and resolve security issues earlier in the SDLC is a core tenet of DevSecOps.
This is the exact reason we have integrated DeepFactor with Jira Cloud.
With this integration, developers can seamlessly create and manage Jira issues for alerts discovered using DeepFactor. The following diagram provides a high-level overview of the integration:
This enables engineering teams to work across functional teams—development, security, operations—to ensure issues are triaged and resolved during the current sprint. By natively integrating with a developer’s preferred choice for project team management and collaboration, engineering teams are empowered to own responsibility for shifting security left.
For more information on this integration, please visit our documentation or our listing on the Atlassian Marketplace. And if you’re interested in learning more about DeepFactor, you can also request a demo here!