Posted by Bangalore: JFrog and Slack have announced the availability of a new integration for JFrog Artifactory and JFrog Xray. As part of this new integration JFrog – the Liquid software company has introduced a new JFrog app for Slack.
This new JFrog app allows developers to easily keep a tab of key software development events – such as new security vulnerabilities or license compliance violations. And that too, not just for self but with an extended team of stakeholders in real-time.
That means the developers’ team along with the stakeholders can address those events and their impact allowing them to better streamline software release cycles and quickly resolve the issues.
The JFrog and Slack new integration simply help the DevOps teams to stay alert of key events or incidents, take action in quick time and ensure software development is streamlined. This scenario is very important particularly in the case of vulnerabilities and security.
More than often, software development teams struggle to deal with vulnerabilities leading to major flaws in the software product.
Vulnerabilities can occur for many reasons like insufficient logging and monitoring processes, injection flaws, data exposure, using code components with infected or known vulnerabilities, cross-site scripting issues, weak or broken authentication and access control, poorly configured XML data, misconfigurations in security, deserialization and more.
So DevOps and developer teams need not just collaboration tools but tools that can trigger real-time information on important events or incidents during the development process in real-time and according to the teams can take actions. Probably, the JFrog and Slack new integration has tried to address such situations.
“Collaboration has always been an integral part of DevOps, but when it comes to security-related events, you need to communicate early and often,” said Stephen Chin, VP – Developer Relations, JFrog.
“We are thrilled to work with Slack – one of the world’s leading collaboration tools – on enhancing the way developers work today so they can deliver stronger features, faster releases, continuous updates, and improved security for their entire DevOps pipeline,” added Chin.
The JFrog app for Slack combines artifact management and security with operational excellence that is integral for business performance. The app allows the users with notifications, content and actions related to specific software incidents to be shared with one or more Slack channels.
For example, developers can share vulnerability and license compliance notifications based on policies set up in JFrog Xray with an extended team of stakeholders – straight from their desktops.
The interactive notifications enable recipients to take action, create “ignore” rules, display details, and more. Notifications can be paused, deleted, or invoke the JFrog Platform for more details all from within the Slack channel.
Within the Slack channel, users can pause notifications, delete them or invoke the JFrog Platform for more details.
Here’s a close look at the new JFrog app for Slack offer capabilities that goes beyond augmented, real-time collaboration such as quality assurance, shift left security and contextualized alerts.
Quality Assurance (QA) – Software QA teams can configure policies and watches within the JFrog Platform to monitor targeted artifact repositories used in testing and staging environments, then report security violations through Slack for prompt resolution.
Shift Left Security – Notifications sent through Slack alert the development team of security vulnerabilities and enable resolution at the earliest point in the development lifecycle.
Contextualized Alerts – Using Slack, developers can help other stakeholders filter and prioritize alerts by adding more context around the severity or criticality of each to enable more informed remediation.