Thursday 15 December 2016

Why GitHub and JIRA

My current experience is that only GitHub and JIRA have the workflows and the speed that allow these risk workflows to be used properly in the real world.

I know there are other tools available that try to map this and create some UIs for risk workflows, but I believe that you need something very close to the way developers work. GitHub and JIRA meet this essential requirement, as they are both connected to the source code.

JIRA is more powerful from the point of view of workflows. JIRA allows you to have more complex workflows, which is quite interesting, and JIRA gives you a risk acceptance button, which is very powerful.

GitHub is simpler than JIRA, and can be easier and faster to use, although its reporting capabilities aren't as built as JIRA's.

These two tools are the only ones I have seen that can make this workflow perform in the real world.

(from SecDevOps Risk Workflow book, please provide feedback as an GitHub issue)