Mend.io + Jira Security: Doing DevSecOps Better Together

White Hat Hacking - Not What You Expect
Table of Contents

We hear a lot about the urgency of transition from DevOps to DevSecOps, and with good reason. The ongoing rise in cyberattacks across the software supply chain, coupled with a shifting regulatory landscape, highlights the growing urgency of improving application security. But it’s one thing to recognize the importance of integrating security into the software development process, and another thing to actually succeed at doing so. We know from speaking with our customers and industry research that developers won’t use AppSec tools that make their lives harder. 

That’s why we believe in automated testing tools that integrate application security into existing workflows — making tools easy to use generally translates into more seamless adoption, and teams that work better together. Wherever possible, we create integrations that overcome this problem.

With that in mind, we are particularly excited about the forthcoming availability of Jira Security dashboards, which features a new supporting enhancement to Mend.io’s Jira integration capabilities. Now Jira users will have a single place to view and triage security alerts from mixed security vendors.

In addition to the enhanced integration support, the new capabilities will include:

  • Vulnerability linking to Jira issues.
  • A new ability to create issues directly from within the Security Tab. Fields are pre-populated with data pulled from Mend.io’s security testing integration.
  • The new ability to filter by severity, CVE identifier, and more to run vulnerability triaging and prioritization rituals.

Jira Security will help development and security teams increase collaboration and shared responsibility for security by centralizing vulnerability information in a shared space where teams manage their work. It will also empower development teams to bring security into agile ceremonies such as sprint planning, and quickly triage and address vulnerabilities to incorporate security into the development process.

The Installation and configuration process is relatively simple, as users can select “Jira Security Dashboard” both in the onboarding process and within advanced settings. 

Once selected the user then selects Mend Applications (Products).

Once Mend Applications is selected for a Jira instance, they are available for the selection in the Project configuration for Project Admins. The user can select what security containers (Mend Projects) will be a source of vulnerabilities for this Jira Project.

After containers are connected to a Jira Project, Mend.io will continuously update this dashboard with alerts from the respective Mend.io Project on the following: 

  • Severity
  • Vulnerability description 
  • Vulnerability status – Open, Closed, Ignored, Unknown 
  • Vulnerability detection date
  • CVE information
  • Issues 
  • Actions 

Benefits

According to research by Atlassian, the average Jira customer has around three security vendors who push data to Jira or would like to. By viewing all vendors in one place, using the integration with Jira, users will save valuable time and resources when they’re security scanning. And now, developers will enjoy more flexibility and choice to secure their software and applications when using Jira.

Additionally, the integration enables users to find and fix issues and vulnerabilities quickly and early in the SDLC. Integrating Mend enables users to send security findings directly to Jira Security, and Mend users will now be able to adopt and implement cutting-edge capabilities from Jira so that they can better manage their security more easily. For both Mend.io and Jira users, the integration accelerates the early detection and remediation of vulnerabilities that expedite security processes by anticipating and addressing issues before they can compromise your code base.

Recent resources

Application Security — The Complete Guide

Explore our application security complete guide and find key trends, testing methods, best practices, and tools to safeguard your software.

Read more

Breaking: What is Going on with the NVD? Does it Affect Me?

Learn about the current issues with the National Vulnerability Database, how it affects vulnerability reporting, and how Mend SCA can help.

Read more

Mend’s Handy Guide to Using EPSS Scores

Discover Mend’s Handy Guide to Using EPSS Scores. Learn how EPSS can predict exploits and prioritize vulnerability remediation effectively.

Read more