Contrast Security Integration with DevOps Ticketing Systems

Executive summary

The Contrast Application Security Platform helps alleviate work ow bottlenecks by integrating security with the existing tools that developers use in their DevOps and Agile environments. This includes ticketing systems such as Jira and Azure Boards. Contrast’s approach improves the accuracy of security testing, incentivizes the remediation of vulnerabilities, and accelerates development cycles while delivering secure code to production.

DevOps needs security that integrates with existing tools

In order to quickly and accurately remediate vulnerabilities during development, teams need better visibility and more seamless workflow orchestration. Deep, reliable, and high-quality security integration can help incentivize remediation without disrupting or delaying existing processes. This enables development teams to deliver new applications with both fewer vulnerabilities and faster time to market.

Two-thirds (67%) of enterprise IT leaders say the lack of application workflow orchestration leads to services not being completed in time for the business.¹

The Contrast Application Security Platform

Contrast’s Application Security Platform includes Contrast Assess interactive application security testing (IAST) and Contrast SCA open-source security solutions.² This instrumentation-based approach to application security testing (AST) automatically identifies software vulnerabilities while developers are writing original code and building with open-source components. Contrast streamlines workflows by instantly providing detailed contextual information such as data-flow analysis as well as actionable fix guidance to assist with vulnerability remediation.

Contrast integration into the existing toolchain that developers use in their daily workflows helps actualize a true DevSecOps environment. DevSecOps makes application security an automated part of the software development life cycle, which means that security vulnerabilities are considered yet another dimension of code quality to be managed via existing work tracker tools.³

Ticketing integration—greater visibility and efficiency

Many of the common DevOps ticketing systems in use today depend on manual alert triaging and assignment of task ownership for vulnerability remediation. The resulting direct communication and co-dependent workflow between developers and application security teams often leads to strained relationships that ultimately slow down time to resolution. Critical vulnerabilities can be missed or ignored in favor of accelerated delivery.

Contrast’s integration with ticketing systems (e.g., Jira, Azure Boards, GitHub) helps bring a centralized and consolidated view of vulnerability issues to an existing tool—providing in-depth details about issue severity, prioritization, and status tracking. Contrast’s integration streamlines remediation processes by assigning ownership and publicizing the vulnerability resolution status. This helps motivate developers to quickly address vulnerability issues. Contrast also provides proof of remediation to verify that a fix has been made.

The cost to fix an error found after product release is four to five times as much as one uncovered during design, and up to 100 times more than one identified in the maintenance phase.⁴

Contrast integration capabilities

Contrast’s integration with existing ticketing systems optimizes cross-team orchestration to make code vulnerability-free—without disrupting accelerated delivery cycles and time-sensitive business needs.

Contrast benefits to application security

Contrast’s approach offers benefits to application security teams, including:

• Driving rapid remediation of critical application vulnerabilities
• Centralizing vulnerability management from detection to resolution—including verification that issues have been viewed, are being worked on, and ultimately have been resolved
• Consolidating multiple vulnerabilities as a single issue for simplified tracking
• Prioritizing vulnerabilities by severity
• Improving security visibility and cross-team communication for greater productivity and efficiency

Contrast benefits to developers

Contrast ticketing integration also provides direct and tangible benefits to application developers, such as:

• Automatically generating tickets and synchronizing comments on findings
• Fostering cross-team management and cooperative remediation workflows
• Reducing the total amount of time spent on managing and remediating vulnerabilities
• Accelerating delivery cycles for faster time to market

Driving remediation, accelerating DevSecOps

Integrating application security into DevOps can be a challenge. But the urgency of going to production without proper security testing practices will only lead to a buildup of defects that will cost more in the long run.⁵

As core components of the Contrast Application Security Platform, Contrast Assess and Contrast SCA integration into ticketing systems helps organizations streamline operations and improve the quality of their code. Including security within existing tools enables faster delivery of new software while helping organizations move closer to realizing a DevSecOps model for their environment.

1 Louis Columbus, “How To Accelerate DevOps Cycles And Keep Customers First,” Forbes, October 30, 2020.
2 The Contrast Application Security Platform also includes Contrast Protect runtime application self-protection (RASP).
3 Jonathan Knudsen,“New survey shows integrating application security testing gaining traction in DevOps,” Security Boulevard, November 2, 2020. 4 Mukesh Soni,“Defect Prevention: Reducing Costs and Enhancing Quality,” iSixSigma, accessed December 14, 2020.
5 Ruslan Desyatnikov,“Nine Best Practices For Integrating Application Security Testing Into DevOps,” Forbes, July 5, 2019.