Sonatype for Jira
Jira is an issue-tracking tool that’s mainly used by software developers to prioritize bugs and improvements for their software applications.
- Automatically creates tickets for violations found in your applications, within the Jira projects associated with those applications
- Reports violations to development teams that are already using Jira
- Automatically transitions tickets once the violations have been remediated
Ensuring Quality
DevSecOps empowers development teams with ownership in deploying and monitoring their applications. Automation is the key to achieving the goals of developing your applications faster while ensuring the quality and security of the open-source components used in your application.
The Sonatype for Jira plugin automates the creation and resolution of Jira tickets for open-source policy violations, so your development teams can focus on fixing application security issues rather than tracking them. The plugin listens for a webhook event from IQ Server and creates tickets when new policy violations occur.
Workflow Example
The following example workflow shows how you can use the Sonatype for Jira plugin in your organization to remediate violations faster and deliver more secure applications.
| Stage | Action |
|---|---|
| 1. Install | Install the Sonatype for Jira plugin from the Atlassian Marketplace |
| 2. Configure | Configure the plugin and the IQ Server to send webhooks for new issues |
| 3. Kick off a Build | Developers merge changes and kick off a build |
| 4. Violations Found | The build runs and vulnerabilities are found to violate the policy |
| 5. Ticket Created | The plugin adds issues to the application's project |
| 6. Investigate Fixes | Developers use Lifecycle to find versions to upgrade to with less risk |
| 7. Upgrade & Test | Upgrade to the optimal version, run unit and integration tests, and rebuild |
| 8. Move to Done | The new build has no policy violations and the Jira issue is moved to 'Done' |
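The two behaviours the page describes, a webhook that creates one ticket per new violation in the application's project and a transition to Done once a later scan no longer reports the violation, as an added illustration that is not the plugin's own code. The payload field names, the `X-Signature` header, the HMAC-SHA256 signing and the shared secret are all assumptions constructed for this example; check the IQ Server webhook documentation for the real header and algorithm.

```python
import hashlib
import hmac
import json

# Constructed sample webhook body; field names are assumptions, not Sonatype's schema.
SAMPLE_BODY = json.dumps({
    "applicationId": "webgoat",
    "policyViolations": [
        {"policyViolationId": "pv-1", "policyName": "Security-High",
         "component": "log4j-core:2.14.1"},
        {"policyViolationId": "pv-2", "policyName": "License-Copyleft",
         "component": "example-lib:1.0"},
    ],
}).encode()
SECRET = b"constructed-shared-secret"   # assumed webhook secret shared with IQ Server


def sign(body: bytes, secret: bytes) -> str:
    """Compute the hex HMAC-SHA256 the sender would put in X-Signature (assumed scheme)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(body: bytes, secret: bytes, received_hex: str) -> bool:
    """Reject unsigned or tampered webhooks; constant-time compare avoids timing leaks."""
    return hmac.compare_digest(sign(body, secret), received_hex)


def sync_tickets(body: bytes, app_to_project: dict, open_tickets: dict) -> dict:
    """Create a ticket for each violation not yet tracked and move tickets whose
    violation is no longer reported to Done. open_tickets maps violation id -> ticket
    and is mutated in place; the returned dict lists what changed in this call."""
    event = json.loads(body)
    project = app_to_project[event["applicationId"]]
    reported = {v["policyViolationId"]: v for v in event["policyViolations"]}
    actions = {"create": [], "done": []}
    for vid, v in reported.items():
        if vid not in open_tickets:          # idempotent: one ticket per violation
            open_tickets[vid] = {"project": project, "status": "Open",
                                 "summary": f"{v['policyName']}: {v['component']}"}
            actions["create"].append(vid)
    for vid, t in open_tickets.items():
        if t["project"] == project and t["status"] == "Open" and vid not in reported:
            t["status"] = "Done"             # remediated: violation gone from this scan
            actions["done"].append(vid)
    return actions
```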