New Integration: Security Issue Management [that rocks!] with Jira + ADO Boards

Arnica has just released the world's best AppSec integration with issue management tools, Jira and Azure DevOps Boards, and developers are going to love it. Why? Because Arnica automates huge portions of the manual work to create, manage, understand, and close security tickets in Jira and ADO Boards.

What user pains exist when it comes to security issue and backlog management?  

Security issue management and ticket backlogs have long been a thorn in the side of both developers and security teams. Security teams are required to manage and attempt to prioritize tickets for issues that go unaddressed as the security ticket backlog grows ever larger. Developers must context switch to address outstanding security issues that they may not be best suited to fix.

Growing Security Backlog

When security tool workflows are bad, everything becomes a ticket in the backlog. When everything becomes a ticket, security issues pile up and go unaddressed. JupiterOne’s 2022 State of Cyber Assets Report suggests that the average security backlog contains over 120,000 findings.  

Developer Context Switching

When all or most security issues end up in the backlog, then any effort made by development teams to address security issues will inherently require some amount of context switching. Developers will need to shift from their core product and feature work to investigating long-standing security issues that may have been introduced months or years ago by someone other than them.  

Lack of Context

When developers pick up a security ticket, too often the ticket does not contain the critical information to effectively and efficiently address the security issue at hand.

What Arnica built: AppSec issue management that rocks!

Arnica is thrilled to announce the release of two major issue management integrations – Jira and Azure DevOps Boards – with more on the way!  

Auto-opened and (more importantly) auto-closed tickets:  

Arnica scans 100% of your code. When risks are found, tickets get opened, and when risks are mitigated in the right git branches, the tickets are automatically closed. Simple as that! This new approach relieves security from needing to create and manage tickets manually and reduces the number of tickets that need to be prioritized in planning meetings, because they have been auto-closed with the full context of the fix logged in the ticket.  

Give every opportunity to easily fix risks early:  

One way to keep the security ticket backlog down is to minimize the number of issues that require tickets in the first place. Arnica’s pipelineless security approach ensures that code is scanned on every code push. This helps developers and their security partners reduce the number of tickets created by giving developers every opportunity and resource – from code risk mitigation recommendation snippets to fixing secrets for you – to easily fix risks early.  

Across Arnica customers, 91% of all risks detected are addressed in feature branches.  No risk introduced. No ticket needed.  

Provide all relevant context to address tickets quickly:

Sometimes risks do get introduced… that’s reality. Maybe the developer had to push a hot fix for a customer issue or maybe they needed to get a feature across the line in time for the big launch. When the time comes to fix the risk, Arnica makes it as easy as possible by providing severity, risk type, CVE, depth, recommended fix versions, and who is best suited to help fix an issue all in the ticket.  

What does issue management in Arnica look like?  

Left: A timeline of an SCA risk that was detected in a feature branch, with an issue created in Jira when the pull request was opened. When the code was fixed, Arnica automatically detected the fix and closed the issue in Jira when the fix was merged into the default branch.  

Right: You can see the Jira ticket with the context of the SCA risk. The Jira ticket is in a “DONE” state since Arnica automatically closed it when the fix was merged into the default branch.  

Why Arnica's Issue Management integrations with Jira and ADO Boards matter

Developers should be focused on shipping features and improving the product, not digging through stale tickets and other developers’ code to try to figure out where an outdated third-party dependency and its corresponding vulnerability exist and how to fix them. Security teams should be armed with tools to prevent risks from making it to production in the first place, and with thoughtful automations that help reduce existing risks easily.  

Now they can!  

Check out Arnica’s issue management integrations and give them a try for yourself!  

About Arnica

Enterprises today are faced with the need to harden their DevOps ecosystem to combat the proliferation of Software Supply Chain Attacks. These organizations are faced with the growing challenge of balancing development velocity, cost efficiency, and security.

Managing excessive developer permissions and identifying corresponding anomalous behavior are two obstacles in the way of establishing this equilibrium. Arnica was established to solve these obstacles by providing a seamless and frictionless active mitigation platform for exactly these issues and more. Arnica is the easy button for DevOps security.

Arnica analyzes excessive permissions, code risks and misconfigurations across the developer toolset and mitigates them.

Contact Arnica Press Team

press@arnica.io