Overview

Jira is an issue-tracking tool that’s mainly used by software developers to track, organize, and prioritize bugs, new features, and improvements for their software applications. Jira is extremely popular (according to Atlassian, it’s used by over 125,000 teams around the globe), and is a logical integration point in the Nexus Platform to help teams build security fixes into their software development lifecycle (SDLC).

Our IQ Jira plugin puts remediation right in the development workflow—letting you easily get violations in front of the people who can fix them. The IQ Jira plugin lets you automatically create Jira tickets for violations found in your applications, within the Jira projects associated with those applications. This provides an instinctive way to communicate policy violations for development teams that are already using Jira for feature development and bug reporting.

Ensuring Quality

Surviving in the digital economy means developing your applications faster, while still ensuring quality and security. Automation is a major key that will help you achieve these goals.

According to the Stackify article, “What is DevSecOps? How to Automate Security Testing,” DevOps is meant to provide development teams more ownership in deploying and monitoring their applications. One way to accomplish a DevOps development lifecycle is through automation—which helps teams move faster and ship higher-quality products.

Adding security to this same automation is at the heart of the DevSecOps movement. Companies want to create strong security policies and standards without slowing down the development process. The Nexus IQ Jira Plugin is the next generation of Jira integration for the IQ Server that lets you automate the creation of Jira tickets for policy violations, allowing your development teams to focus on application security. The plugin uses an IQ Server webhook violation event to trigger the creation of tickets whenever a new policy violation occurs.

In the article by Mathieu Buisson, “Where to start your automation efforts? An analogy for IT infrastructure folks,” he asserts that Lean software development (and all the stuff that came from it, like Agile) originated from applying principles of Lean manufacturing (pioneered by Toyota) to the software industry. An easy way to visualize this is by comparing your company’s software delivery pipeline with that of a manufacturing assembly line. Automating Jira issues for policy violations is a pivotal step in the pipeline because it lets you automatically transport a continuous flow of tickets for policy violations directly to the developers who can fix them, and secure your applications.

"Automating the creation of workable tickets that can be prioritized, developed, and resolved in a workflow that matches the way development teams already work greatly reduces overhead experienced by delivery teams when it comes to addressing security and licensing issues.”
- A.J. Brown, Nexus Integrations Product Owner"

This Jira Plugin significantly improves the usefulness of the legacy IQ Server Jira Integration by focusing on creating Jira issues at the right place and right time. When deciding how to improve the Jira and Lifecycle integration, the Nexus Integrations team focused on the following objectives — (1) creating the ticket in the right application, and (2) making the tickets more workable by automatically creating a ticket per component.

Workflow Example

Integrating your software development pipeline with the IQ Jira plugin lets your team detect issues earlier and remediate faster, which means they will deliver a secure product, and management will see improved return on investment (ROI) for their IQ Server instance.

Looking at these main benefits, we’ll walk through an example workflow that shows how you can easily implement the IQ Jira plugin in your organization to take advantage of remediating faster and delivering secure applications.

Figure 1: Graphic of an example workflow with eight stages. The steps are Install, Configure, Kick off a Build, Violations Found, Ticket Created, Investigate Fixes, Upgrade & Test, and Move to Done. Initial image by Freepik.

This example workflow shows how easy it is to automate policy violation fixes into your development cycle. This ensures that your applications are secure, without interrupting how your work is done.