Stephen Chin, VP of Developer Relations @ JFrog
John Peterson | Senior Software Developer @ JFrog
Suzie Prince | Head of Product, DevOps @ Atlassian
Managing all the tools needed to deploy, observe, and support a modern DevOps pipeline can be challenging with information siloed across different organizations.
Learn how to integrate best-in-class DevOps tools so that your developers and ops are seeing one unified view of production that is powered by JFrog and a huge ecosystem of partners.
Welcome to the partner keynote at SwampUP. My name is Stephen Chin, I run the Developer Relations team and the partner engineering team and we’re going to talk today about how you can take your entire DevOps deployment. And observe it all the way from code through to production.
If you think about how you did this historically, pre-pandemic, you were probably surrounded by monitors, you got a bunch of different systems, which you were monitoring and integrating with and you were accomplishing this from the comforts of maybe, you know, 6 or 12 monitor workstation. In the last year, the new normal has been, we’re all working from home, we’re doing things remotely.
And what you really need to be effective is you need to be able to have a single pane of glass which shows the observability of your entire systems, integrates all this disparate information and you can do it from the comfort of your wilderness retreat, kind of like this. A big shout out to Sven who has pioneered the hacking from the woods with his presentations the past year.
So yesterday, you were looking at uncorrelated events, you had multiple user interfaces, you were dealing with, you had SILO technologies. Tomorrow, what we’re presenting as a vision is better unification of all of this data, a single pane dashboard and an integrated platform using the JFrog platform.
Taking this from the beginning, you have all your collaboration systems like JIRA, Slack, Microsoft Teams, this tense takes you into observability with systems like Data Dog, Dinah Trace, Splunk and Elastic. And then finally, IT service management with Pager Duty and we’re tying all of these together with the JFrog platform. And we’re going to show you a demo today of what you can do with these technologies featuring some of our partners. So to kick this off, I want to introduce Suzie Prince, the head of product DevOps at Atlassian to talk a little bit about how you can better integrate JFrog and Atlassian technologies together.
Suzie, take it away. Thank you, Stephen, I’m delighted to be here. As some of you may know, Atlassian’s mission is to unleash the potential of every team. And our collaboration with JFrog enabled our mutual users to reach that potential. We know that the best software teams use many different best of breed tools to enable them to deliver value to their customers. And we also recognize that no single vendor can provide every tool needed for DevOps for modern software development, and that connecting tools from different vendors is really challenging for teams right now.
That’s why the combination of Atlassian’s and JFrog’s best in class solutions for planning and artifact management is so exciting. It allows developers and other technical stakeholders as well as your product and business owners to have shared visibility, collaboration, and traceability around the software they create from planning to production. By unifying the planning and development processes across Atlassian and JFrog, we have provided a unique way to collaborate across your business.
And it is this better together story that enables and empowers teams to streamline that collaboration and traceability. This in turn, accelerate application releases, and improves productivity. The new integration allows developers to trace each JIRA issue to the unit of value that was delivered to customers and collaborate more effectively around the lifecycle of software binaries. We’re excited to see how are customers respond to this deep collaboration around the software binary in JIRA Software, and how they might use this to improve their processes for delivery and deployment and add more value to their business and their customers. Let’s take a closer look at how that integration works right now. So thanks a lot, Suzie. That was awesome. And I’d like to introduce John Peterson, who’s the team lead of our partner engineering team and he’s going to talk a little bit about how DevOps, DevSecOps and developers can work together in a unified workflow. So how are you doing, John?
Hey, Steve, thanks for the handoff. And today I’m going to walk you through a quick problem that highlights how you can resolve zero day CVE using the JFrog platform and our partner integrations. And so for your security personas, they need to know more information and better visibility into their vulnerabilities. And for DevOps, we need to know where is this been deployed in production and where is my fixed build? A lot of this information is available in artifactory and X ray but how do we leverage this information in other partner ecosystems like JIRA and Data Dog?
And so let me show you how you can react in time to avoid disaster by leveraging the JFrog platform and a bunch of best of breed partner integrations. It all starts with JFrog X ray security impact, where we can generate the alert to slack and robust security logs to data dog to be analyzed by our SRE and the pager duty incident that’s also generated from x ray can then be used to quickly create a JIRA issue.
So let me show you that flow here in an interactive demo. And it all starts like I said, here in artifactory. Following best practices, I’ve set up my artifactory with both dev test and production repos. And similarly, I’ve set up my X ray watches to monitor both dev test and production artifacts. Using these watches, whenever an impacted artifact is triggered in a production environment, it will then generate an alert out to slack.
One of these alerts out to slack, as you see here on the screen will include the impacted artifact, which you can use inside of the data dog X ray vulnerability dashboard to highlight that one artifact and quickly drill down into all of the information that you need to know about this vulnerability. And from there, with this analysis, you can go into the pager duty incident and generate a JIRA issue with just one simple click. With the JIRA issue created, it includes all of the vulnerability information from x ray, and it can now be remediated by your dev sec ops persona.
That’s awesome, John. So what if you’re a developer and now you want to actually go in and fix the security vulnerability? So how do we keep track of everything? So the developers, we need to have those security patches and product needs to make sure we keep getting features out. This all starts with JIRA. So with JIRA will have that robust information that you saw about the security impact from x ray directly.
And so we can go ahead and analyze it directly from the JIRA issue. Issue of ECS check ins such as a git commit with our JIRA issue number. And then when we issue a build, the build info will be uploaded to artifactory. And then that will be created a bidirectional link through our integration with JIRA and artifactory. We’ve additionally added a new feature about deployment information. And so if you also deploy this build into an environment, and include the necessary information we’ll also include those deployments directly into your JIRA issue for you now, Cool.
Thanks a lot, John. It’s awesome that we’re able to do this end to end scenario, it covers DevOps, DevSecOps and developer personas. And this covers the overall vision, which I described earlier, to be able to observe your deployments all the way from collaboration tools, like slack and JIRA, through to ITSM tools like pager duty for handling your incident management through to observability of your entire system, including metrics, logs, and traceability.
And all of this information feeds through the JFrog platform, which gives you full overview of your platform and mission control and insight, gives you CI\CD pipelines, gives you the best in class package management with artifactory and then lets you distribute to the cloud and Kubernetes and all the way to the edge with our distribution system. So thank you very much for watching this partner keynote and we hope you enjoy the rest of SwampUP.