CONTROLLED DATA
Leidos Proprietary - US Citizens ONLY
The information contained herein is proprietary to Leidos, Inc. It may not be used, reproduced, disclosed, or exported without the written approval of Leidos.
This article supports the FAQ about add-ons for the Atlassian application offerings in SecDevOps.
Does SecDevOps solution support Atlassian Marketplace add-ons?
The following plug-ins are installed and configured in the Atlassian products.
| Atlassian Application | Plug-in | Description |
|---|---|---|
| Bamboo | Checkmarx for Bamboo | Checkmarx Plugin for Atlassian Bamboo |
| Bamboo | Fortify SCA Bamboo Plugin | Provides the ability to run Fortify SCA scans and upload results to Fortify Security Center |
| Bamboo | Groovy Tasks for Bamboo | Tasks for Groovy, Gradle, Gant, and GINT scripts. |
| Bamboo | SoapUI for Bamboo | Executes tests and parses results for SoapUI,SoapUI PRO, LoadUI Pro, and Secure Pro |
| Bamboo | Sonar for Bamboo | Bamboo tasks to analyze your projects with Sonar for Maven, Gradle, SonarScanner, MSBuild, and .NET Core. Also supports auto-branching for Sonar-based code reviews. |
| Bamboo | Xray for Jira add-on for Bamboo | Integrates Bamboo with Xray for Jira, the add on for Manual and Automated Test Management inside Jira |
| Bitbucket | Announcement Banner for Bitbucket | Display pertinent information (e.g. scheduled server maintenance, approaching deadlines, etc.) at the top of your Bitbucket instance. |
| Bitbucket | Awesome Graphics for Bitbucket | Adds graphs which let you visualize information about your repository, commits and committers. |
| Confluence | Arsenale Lockpoint | Allows you to lock attachments on Confluence pages for editing and prevent merging or overwriting by multiple authors. |
| Confluence | Gliffy Diagrams for Confluence | Provides in line and page graphics for Confluence. Easy to use, similar to PowerPoint, allows hyperlinks in the graphic, import images or create your own. Generates a png file as an attachment to the page for reuse in other pages. |
| Confluence | Scroll Office for Confluence | Allows you to import a Microsoft Word template (.dotx) into Confluence, embed macros in the Confluence page so that when the page is exported using the template, it will automatically be formatted as though you have written the content directly in Microsoft Word. This is extremely valuable for formal documentation that must meet customer formatting (e.g., cover pages, fonts, approval pages). |
| Confluence | Questions for Confluence | Share knowledge and find answers with internal Q&A. |
| Confluence | Team Calendar for Confluence | Project calendars for managing schedules. |
| Jira | Links Hierarchy for Jira | Provides discover, trace, report and sum up progress dynamically for Issues. Introducing Dynamic Progress Roll up (NEW!) of linked issues, subasks, epics and Portfolio hierarchies whereas the project collaboration and visibility are naturally and effortlessly improved. |
| Jira | PivotReport for Jira | Status overview and detailed breakdowns for all types of issues in Jira. We provide Epic->Feature→Story issue types that can be tracked using PivotReport and Linked Hierarchy. |
| Jira | Portfolio for Jira | Agile road mapping application and multiple team tracking. |
| Jira | Project Configurator for Jira | Allows you to export your project's configuration for import into another Jira instance. This is valuable because the Jira export does not bring the configuration customization with it. |
| Jira | ScriptRunner for Jira | ScriptRunner is a collection of powerful but easy-to-use workflow functions, JQL functions, listeners and services. Either augment the ones provided with Groovy, or write your own. You may never need to write your own Java plugin again. |
| Jira | Jira Workflow Toolbox | Provides a rich set of conditions, validators and post-functions for designing complex workflows on JIRA. It also supplies an easy and powerful mechanism to implement metadata in JIRA projects: Project Properties, making it possible to customize workflows behavior as a function of the value these properties in each project. It improves dramatically the flexibility and reusability of your workflows. A set of JQL functions is also available for making queries on project properties. |
| Jira | Xray Test Management ror Jira | Provides manual & automated test management for Quality Assurance in Jira. |
| Jira Service Desk | Power Scripts | Script automation - similar to Jira's ScriptRunner. |
Because add-ons are licensed for the server, we do not allow projects to install add-ons at will. We are open to having a conversation about plug-ins, but the request will need to be raised through the SecDevOps Governance Board (which is chaired by Group CTOs, ITS, CISO and the SecDevOps TCC) to weigh the cost, cybersecurity risk assessment, impact to current installation, etc. against the project’s needs. In addition, the project would need to purchase the license for the Server (which is currently configured for >1000 users) and would need to pay for upgrades in the future.
The following steps can be used to recommend an Atlassian Marketplace plug-in for inclusion in the SecDevOps environment.
The following steps will walk you through raising your request to the SecDevOps Governance Board so be sure your recommendation would benefit all projects within the SecDevOps environment.
Step-by-step guide
- Begin the process by logging into the SecDevOps Service Desk and submit a Change Request issue. Please provide any justification that includes examples of use, why it would be valuable to the enterprise. Add any additional details for the product such as hyperlinks to the plug-in, screen captures, etc.
- The Change Request issue will be presented to the SecDevOps Governance Board for review.
- If the new plug-in is approved,
- it will be added to the application and the ticket will be closed.
- A broadcast will be distributed or posted on Prism indicating the new plug-in is available to all SecDevOps projects.
- If the new plug-in is not approved, the Governance Board will provide a reason for their decision.
- If the new plug-in is approved,
- The SecDevOps Service Desk ticket will be closed.