At its core, DevOps requires a cultural shift: development and operations teams must recognize their shared commitment to delivering quality software, and embrace transparency, communication, and collaboration. Underlying the cultural shift are practices—processes and behaviors people can adopt to build software better—and tooling—software or automation that can make these practices easier.
But every development team is different—they have different needs and use different tools. Adding to the complexity is that development tools are evolving at breakneck speed. In their quest to use best-of-breed tools, different teams adopt different tools, silos develop, communication breaks down—pretty much the opposite of what DevOps is intended to achieve. So, to meet the need, Atlassian introduced Open DevOps, a development experience built on Jira that integrates with a ton of third-party tools, but makes the whole thing seem like one experience.
At the core of Open DevOps is a pre-configured Jira project built around Jira Software, Confluence, Bitbucket, and Opsgenie, but it’s also set up with pre-built integrations so that teams can add in other third-party tools, including GitLab or GitHub. How cool is that? There’s a ton of functionality essentially embedded in the Open DevOps Jira project: using either Atlassian tools or those prebuilt integrations, you can code in Jira, see deployments, automate workflows, view Confluence pages, and even see deployment and cycle time trends.
As of the April announcement, Open DevOps offers more than a dozen one-click integrations with leading third-party tools for security, testing, feature flagging, observability, and CI/CD, (including GitLab,) but one I want to dig into more specifically relates to security: an integration with Snyk. Snyk makes a set of best-in-class tools that make it easy for developers to build security into their development processes. Specifically, the tools find and fix vulnerabilities in opensource code, application code, container images, and Kubernetes applications.
Atlassian and DevSecOps: What’s Snyk Got to Do with It?
As more organizations undertake DevOps journeys, and as the practice matures, engineering teams are also increasingly incorporating security practices into every phase of the software development cycle so that security is an innate part of the finished product. And that, in a nutshell, is what the notion of DevSecOps is all about.
Puppet’s 2020 State of DevOps Report does a great job of explaining the value behind the practice: “Integrating security fully into the software delivery process improves your ability to quickly remediate critical vulnerabilities. Among companies with full security integration, 45 percent can remediate critical vulnerabilities within a day. Just 25 percent of those with low security integration can remediate within a day.”
When you think about the complexity of the DevOps lifecycle in general (Atlassian views it in six phases: planning, building, CI/CD, monitoring, operating, and continuous feedback), then think about the complexity of addressing security at every stage via a collection of third-party tools, it’s really exciting to see how Atlassian, through Open DevOps and one-click integration with Snyk, is simplifying that. And at Isos Technology, we’re all really looking forward to seeing how Atlassian continues to grow this new tool, bringing in new functionality and integrations as DevOps and DevSecOps continue to evolve.
Interested in learning more? Read Atlassian’s Open DevOps announcement and learn more about the Open DevOps one-click integration partners.