Hey everyone, Josh here from the Compass product team, posting on behalf of our friends over at BlueFlag Security! We are excited to bring you the BlueFlag Security-Compass Integration, a powerful tool designed to deliver comprehensive security, governance, and compliance across your entire SDLC process. Find it under "Apps" in Compass today!
With software supply chain attacks on the rise, an integrated approach to SDLC security is essential. BlueFlag Security addresses this need by providing a multi-layered, unified defense that integrates identity security with traditional open-source software risk management and developer tool posture management. BlueFlag Security’s AI/ML-based Identity Intelligence framework provides advanced insight and governance capabilities, ensuring compliance with the strictest standards. This creates a secure, efficient, and reliable development environment that prioritizes identity security, enhances code integrity, and ensures proper tool configurations.
BlueFlag extends the Atlassian Compass vision of being the Mission Control for development teams to include security, governance, and compliance. Once you onboard the BlueFlag Security Platform and integrate it with your Compass environment, you will have access to BlueFlag's advanced security and governance insights directly from the components that have been imported from your Source Code Management tools.
BlueFlag publishes your NIST 800-218 Compliance Score and Over-privilege Score directly in your component metrics, giving visibility into health trends over time of your identity security, open-source software security, and developer tool configuration posture.
The BlueFlag application deployed within your components also enables you to get detailed visibility into these security and compliance insights. With the Over-privilege Score drill-down, identify all the contributors who have excessive permissions for that component. Similarly, with the Compliance Score drill-down, identify the NIST 800-218 controls that have failed for that component.
Additionally, BlueFlag provides insights to identify the inferred component owner teams by correlating the identities with their privilege level and activity patterns. The BlueFlag Security application deployed within your Atlassian teams leverages a proprietary AI/ML-based Identity Intelligence framework to correlate your Atlassian teams with your Source Code Management teams and IAM groups to give a normalized but comprehensive view of your development teams.
In summary, BlueFlag Security provides normalized identity and component security metrics, as well as governance and compliance insights, across your development process, enabling you to leverage Compass as the comprehensive Mission Control platform for your teams. We encourage you to explore its features and share your feedback!
Discover More About BlueFlag Security: To learn more about our approach and solutions, please visit www.blueflagsecurity.com.
Josh Campbell
Product Manager
Atlassian
Seattle, WA