Blog - Isos Technology

JSM - Streamlined, Automated Change Management for Federal Agencies to Augment the DevSecOps Pipeline

Written by Isos Technology | Mar 25, 2024

Software factories throughout the Federal government, including the DoD, are turning to DevSecOps to streamline development processes while integrating and prioritizing security at every step of the development lifecycle. DevSecOps practices are designed to support faster, more frequent, and more secure releases, with fewer issues and less risk

DevSecOps practices typically require a solution set that includes tools for managing the backlog, continuous integration/continuous deployment (CI/CD), change management, incident management, and bug tracking. The challenge is ensuring that these tools are properly integrated, talk to each other, and provide the right people with the information they need, when and where they need it, while preventing people who should not have access to it. 

A single, integrated system, like the Atlassian platform, that includes many of these tools can improve transparency, support granular access to information, and minimize the complexity of building and maintaining integrations. However, it is important to note that Atlassian takes an open approach to DevOps and DevSecOps, meaning that they believe every organization is different, and they should use the combination of tools that works best for the way they work. With that in mind, Atlassian solutions are incredibly flexible and designed to integrate easily with third-party tools. 

Jira Service Management (JSM), built on Jira Software, Atlassian’s backlog and bug tracking solution, sits at the center of DevSecOps processes. Not only is it tightly integrated with Atlassian Bitbucket Pipelines, but it can also be integrated with other popular third-party CI/CD tools. Change requests are made by raising a ticket in JSM, which can be linked to the original Jira issue, so approvers will have access to all the information they need to evaluate it. (Low-risk changes can be automatically deployed.) 

Using JSM's asset management capabilities, Assets, development and operations teams can link relevant configuration items (CIs) to their change requests, so as the requests go through the approval process, change approvers can better understand what dependencies there are and what might be impacted if there’s an issue. That way, they can better understand the risk involved before deploying a change.

Later, if there is an issue or incident related to this change, and another ticket is opened in JSM and/or Jira to resolve it, those tickets can also be linked. Granular permissions mean that the right people can access the information they need to collaborate and resolve the issues efficiently, while flexible notifications ensure that the right people are kept up-to-date on progress. 

In addition, JSM’s no code/low code, out-of-the-box automation capabilities can be used to automate almost any repetitive step throughout the process, saving everyone significant time that they can dedicate to mission-critical tasks.

Interested in learning more? See how we helped modernize the ITSM practices of one of the U.S. Air Force's squadrons in our case study: