Keep Applications Secure in Atlassian Bitbucket with Automated Pull Requests
Source: securityboulevard.com
As development organizations seek to innovate faster and build more secure applications at scale, one of the trends we’re seeing is the desire to automate dependency management and bring security into the places where developers spend most of their time.
This was evident in our 2019 State of the Software Supply Chain Report, where we analyzed 36,203 open source components from the Central Repository to determine how effectively development teams update their OSS dependencies and fix vulnerabilities. We found that exemplary development teams are 12x more likely to use automated tools to manage OSS dependencies, and that those teams see a 55% reduction in their use of vulnerable OSS components, which underlines the case for automation.
While assembling code, developers work in source control management systems (SCMs) such as GitHub, GitLab, and Atlassian Bitbucket. As we point out in our Policy Evaluation Guide, the SCM is often the first place where a piece of code is shared and reviewed by both humans and machines. More and more automated dependency management solutions that integrate with source control are coming to market. However, we have heard from our customers that these solutions are quickly switched off because they produce a lot of "noise": multiple alerts that are not actionable for developers. They also make no recommendations based on the organization's own open source policy (for example, on license, release age, or the size of the version jump a team will accept without review); they simply suggest the next non-vulnerable version.
That is why we have focused our attention on integrating Nexus Lifecycle with many SCM tools and are releasing automated pull requests for Atlassian Bitbucket, which fix security vulnerabilities and automatically maintain the quality of your open source dependencies. Unlike other solutions, we use the precise data in Nexus Intelligence to provide expert remediation guidance based on your organization's open source policies, eliminating the noise, false positives, and haphazard updates.
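The difference between "suggest the next non-vulnerable version" and "suggest the version your policy allows" is the core of the two paragraphs above, so here is an added illustration of it in Python. This is not Sonatype, Nexus Lifecycle or Bitbucket code and calls no vendor API; the `Policy` fields (release quarantine age, allowed licenses, whether a major bump may be proposed without a human), the `Release` records and the package data are all constructed for the example.

```python
"""Policy-aware upgrade selection for a vulnerable dependency.

Added example, not Sonatype / Nexus Lifecycle code. The Policy fields,
the Release records and the sample package data are invented to show
why "next non-vulnerable version" and "version your policy allows" differ.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import FrozenSet, List, Optional, Tuple

Version = Tuple[int, int, int]  # (major, minor, patch)


@dataclass(frozen=True)
class Release:
    version: Version
    released: date
    vulnerable: bool      # some known vulnerability affects this version
    license: str          # SPDX identifier


@dataclass(frozen=True)
class Policy:
    """Hypothetical organisation policy for accepting an automated upgrade."""
    min_age_days: int = 14                     # quarantine very fresh releases
    allowed_licenses: FrozenSet[str] = field(
        default_factory=lambda: frozenset({"MIT", "Apache-2.0"}))
    allow_major_bump: bool = False             # major bumps need a human


def next_non_vulnerable(releases: List[Release], current: Version) -> Optional[Version]:
    """The naive strategy criticised in the text: lowest clean version above current."""
    clean = sorted(r.version for r in releases
                   if r.version > current and not r.vulnerable)
    return clean[0] if clean else None


def policy_recommendation(releases: List[Release], current: Version,
                          policy: Policy, today: date) -> Optional[Version]:
    """Pick the upgrade target a policy-aware bot would put in a pull request."""
    candidates = []
    for r in releases:
        if r.version <= current or r.vulnerable:
            continue                                   # not an upgrade, or still vulnerable
        if r.license not in policy.allowed_licenses:
            continue                                   # license policy violation
        if (today - r.released).days < policy.min_age_days:
            continue                                   # too new: quarantine window
        if not policy.allow_major_bump and r.version[0] != current[0]:
            continue                                   # major bump reserved for humans
        candidates.append(r)
    if not candidates:
        return None  # nothing acceptable to propose: open no PR rather than a noisy one

    def rank(r: Release):
        # Smallest semantic jump first (major, then minor), newest patch within it.
        major, minor, patch = r.version
        return (major - current[0], minor, -patch)

    return min(candidates, key=rank).version


# --- constructed sample data for one dependency -------------------------------
TODAY = date(2019, 7, 1)
CURRENT: Version = (1, 4, 2)  # the version in the repository; it is vulnerable
SAMPLE_RELEASES: List[Release] = [
    Release((1, 4, 2), date(2019, 3, 1), vulnerable=True,  license="MIT"),
    Release((1, 4, 3), date(2019, 6, 29), vulnerable=False, license="MIT"),      # 2 days old
    Release((1, 5, 0), date(2019, 5, 1), vulnerable=False, license="MIT"),
    Release((1, 5, 1), date(2019, 6, 10), vulnerable=True,  license="MIT"),      # regressed
    Release((1, 6, 0), date(2019, 5, 15), vulnerable=False, license="GPL-3.0"),  # license
    Release((2, 0, 0), date(2019, 4, 1), vulnerable=False, license="MIT"),       # major bump
]


def fmt(v: Optional[Version]) -> str:
    return "none" if v is None else ".".join(map(str, v))


if __name__ == "__main__":
    print("naive next non-vulnerable :", fmt(next_non_vulnerable(SAMPLE_RELEASES, CURRENT)))
    print("policy recommendation     :",
          fmt(policy_recommendation(SAMPLE_RELEASES, CURRENT, Policy(), TODAY)))
```

With the default policy the naive strategy proposes 1.4.3, a release published two days ago that the organisation would not yet accept, while the policy-aware selection skips it, skips 1.5.1 (vulnerable), 1.6.0 (license) and 2.0.0 (major bump) and proposes 1.5.0. Relaxing a single policy field changes the answer in the expected direction, and when no candidate survives the function returns `None`, which is the signal to open no pull request at all instead of an unhelpful one.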