Transcript: The Atlassian Ecosystem Podcast Ep. 118 - Update Your Troubles Away

Ryan Spilken:

Hello and welcome to Adaptavist Live The Atlassian Ecosystem Podcast. This is episode 118: Update Your Troubles Away. I'm your host, Ryan Spilken and joining me today is Brenda Burrell. Hi, Brenda.

Brenda Burrell:

Hello.

Ryan Spilken:

Brenda, did you tell Matthew he could take time off?

Brenda Burrell:

I did not. I think none of us realized that he was going to be off today, as we're recording this episode and we are feeling his absence keenly.

Ryan Spilken:

We're always keenly missing Matthew’s presence

Brenda Burrell:

Matthew wherever you are, I hope you're having fun.

Ryan Spilken:

Oh yeah. Can't wait to hear about Matthew's vacation, and we'd love to hear about your vacation too, if you're taking one. And you know what I like to do on vacation? Layout, and look at the clouds. So let's take a nice relaxing view through the Atlassian Cloud updates from the 10th of May to today, May 25th, when we are recording this episode. And it begins with an overview of the Atlassian Cloud platform in general. They have released an iOS update to Confluence Cloud, so in order to keep the momentum on your projects going while you're, I don't know, wherever you take your iOS device, the update will be ready for you. You need flexibility when adding tables, they've made it easier to add, or remove cells and lots of improvements to the Confluence app. So update your phones.

Ryan Spilken:

You'll also, and this is throughout the Atlassian Cloud Platform, be able to discover products your users create outside of your organization. So you'll be notified when your managed accounts begin to administer products that are outside of your organization. This is interesting, sort of tying Atlassian access to details about those products. So, if you are interested, go into security and discovered products to check that out in the cloud.

Brenda Burrell:

On Jira cloud, you can now update issues without opening them in search results. You can select your issues in your project sidebar and run a search, switch to your list view and perform key issue operations on your search results without opening those issues. Hover over an issue row, select the three dots that will pop up for that issue, choose an operation. Additionally, you can edit an issue status directly by selecting the status from a dropdown. If you haven't enabled the issue navigator in your team managed project yet, go to project settings then the features and toggle it on. So, we'll move on to advanced road maps in cloud, and there's an update for selective scheduling. Along with helping create an entire plan, you can now tell the auto scheduler to only schedule specific issues. To use this feature, select which issues you want advanced roadmaps to automatically schedule using the check boxes in the scope section of your plan, then use the auto scheduler like normal, and it will only work its magic on those issues.

Brenda Burrell:

See, that is a very nice feature. Being able to select which ones you want. There's a new issue view. Comments now always display the five newest comments first. Users have given Atlassian feedback about the way comments are displayed in the new issue view, so they fixed it. Comments sorted by oldest first will continue to display the oldest at the top and newest at the bottom, but now show the five newest first. In other words, the first displayed comments will change, but not the sorting order. You can always click view X older comments to see older comments. Go ahead and give it a try. Go into an issue of sort your comments by oldest first. You can also edit issue descriptions. Users can now edit the issue description field and issue title from the advanced roadmaps timeline. Learn more on the view issue details page. Some nice updates for advanced roadmaps. And last, but certainly not least, under advanced roadmaps new issue view. You can sort issues under an epic. Sort by date created, a key priority status, assignee, and rank. Just go to any epic and select the order by drop down to see the options. You have options people, make use of them.

Ryan Spilken:

Over in Jira software with those luxurious next generation projects news about time estimation in Jira software cloud has been dripping out slowly over the past few podcast episodes. And there's even more because now, time can be used as an estimation metric, if that's your thing. So in order to start using time to estimate your work, you can head into project settings and features, and once estimates are added to your issues, you'll be able to see the size of an issue on your board and the backlog, as well as the backlog showing the amount of time that's estimated for a sprint. Now that sounds like a great way for teams to customize and what works for them. I was about to say something about agile, but I'm wrong. So I'm not going to say it.

Brenda Burrell:

It happens on occasion.

Ryan Spilken:

It does. Sometimes

Brenda Burrell:

Not often.

Ryan Spilken:

Me being wrong, that is.

Brenda Burrell:

But yes, you being wrong.

Ryan Spilken:

Twice an hour. There's also updates to Jira software's release notes functionality, where you have some options to download your release notes with markdown format. You can regenerate your release notes based on some layout and issue type options, you can format and update them in the editor and just put them right onto your clipboard.

Brenda Burrell:

In Confluence, a space directory refresh. Space directory, as we all know, shows all the spaces that are available to you. The filters and actions available have been updated to make it easier to find the space you're looking for. You can also review the spaces from this list or star the ones that are important to you. If you are a space or product administrator, you can get to space settings from here without going to each space. Nice little update to space directory. I've been spending a lot of time in space directories lately, and I'm always up for space directory refresh. Last but not least in our cloud news, BitBucket's deployment environment limits increased from 10 to 50 for standard and premium accounts. So if you are a standard or premium BitBucket cloud user, or your account is, you now have a limit of 50 repos instead of 10. Do more things. Do great things.

Ryan Spilken:

So listeners, every two weeks, when we get ready to record this show, I checked through a ton of articles from Atlassian directly. And one of them that I look at every week is the cloud roadmap. Now this doesn't have live feature updates. It's more of a top down overview, very broad, but one thing caught my eye and I thought we should bring it up. It looks like Atlassian cloud is going to be shifting to a four week release schedule instead of the current two week one. Now, this is they're saying in quarter two of 2021, which we're entering soon, or if we haven't already gotten there, I don't, I follow the sun, not business quarters, but maybe I should change that. But, what they're saying is that now, and I like this selling proposition, admins are going to get more time to prepare for changes by receiving changes in new features every four weeks instead of two. So that might affect the calculus by which we operate this program, but we'll see.

Brenda Burrell:

I don't know.

Ryan Spilken:

What do you think?

Brenda Burrell:

I don't know. I'm sure that we could come up with plenty of things to talk about every two weeks.

Ryan Spilken:

So that's interesting. We'll keep an eye on it, yeah?

Brenda Burrell:

Yeah. That is very interesting.

Brenda Burrell:

And it's time to get our head out of the clouds and look a little bit at a data center. Pardon me. Jira software 8.17 released May 18th, some good stuff in here. Flexible terminology for Jira on data center. Admins can now change generic Jira terms. With this functionality you can keep consistent naming of sprints and epics between Jira and the agile at scale frameworks, including safe and less. Terminology changes apply to any variant of English. Advanced roadmaps and Jira align admins can easily apply new Jira terms in their instances. Basically what this does is replacing terms and custom field names and issue types, and everywhere else in Jira, such as reports issues in search results, it'll keep the capitalization of the original terms wherever possible. So there's a new page to help admins define those new terms.

Brenda Burrell:

Regardless of the framework you're following or the terminology you choose you can define singular and plural forms of your new terms according to the following rules. You can't swap the names of epics and sprints. There is a 40 character limit. Terms must be unique. The example they give is you can't call both epics and sprints potatoes, which that's the sort of thing I would totally try to do.

Ryan Spilken:

Potatoes!

Brenda Burrell:

Potatoes! One potato, two potatoes. And can contain only letters, numbers, and spaces, and all fields must have at least one character as their value. If you need to revert to the original names, just enter the original names and text fields.

Brenda Burrell:

Interesting direction. Unsurprising, but keep in mind that this is relevant to English only. This is a complex thing. If you are an admin that is considering flexible terminology, I would definitely do this on a test instance first and see what all the impacts are before you roll it out on production, because this could have unintended impacts to users you don't expect. I think the assumption is probably, well, you know, if you're using a framework, everybody's using it, but that's not always necessarily the case. So that's a very good point that you've made admins before you wield this great power, think it through.

Brenda Burrell:

A refresh, commenting experience in Jira data center, keeping accessibility in mind, which improves the keyboard navigation and the supportive assistive technologies around comments. I approve, wholeheartedly. Custom fields are now included in data pipeline exports, so user generated custom fields and fields provided by apps will now be included in the data pipeline export as long as they're an exportable type. So they are fields that implement exportable custom fields type. If a custom field contains no data, it won't be exported, so keep that in mind, if you're exporting data pipelines.

Brenda Burrell:

Atlassians, really stepping up with security and we'll be talking about security more in this episode, upgraded components and libraries. 8.17 fixes around a hundred vulnerabilities simply by upgrading components and libraries within Jira's code base. More fixes are going to be coming out with upcoming bug fixes or the next Jira version. There is a link, and we'll post this in the show notes, there's a link in this page to preparing for Jira 8.17, where you can learn more about some of the most important libraries that have been upgraded. Also backporting to LTS releases, stability around LTS releases is the top priority, but that's what makes it difficult to backport. Atlassian will be focusing on latest versions and are doing their best to review test, test, test, test, and back port critical fixes is completed.

Brenda Burrell:

So you can expect those in bug fix releases for Jira 8.5 LTS and Jira 8.13 LTS, so really hammering on security as they should be. New supported platforms: Microsoft SQL server 2019, and Microsoft edge as a supported browser. So that's exciting, and as always, as I said, we'll link to this page in the show notes, you can get to all of the resolved issues in 8.17. A big update, lots of good stuff in that for Jira software. In Jira service management, Atlassian released 4.17 on May 18th as well, and we'll link to the release notes in our show notes for this episode. And a lot of this is around the... There's a lot of overlap with the Jira stuff, security updates, custom fields now included in data pipeline export, new supported platforms, and a long list of bug fixes that have been resolved in 4.17, so take a look at the notes on that. I'm not going to go into too much detail since there's so much overlap.

Ryan Spilken:

Confluence team also rolling out with an update in Confluence 7.12.1. This is a bug fix release, but some of these bugs are probably affecting you. Frankly, the Excel and Word macro not triggering edit in office would probably annoy me if I was a Confluence user. So that one alone says good stuff, also some security updates errors with team calendars and logging all fixed in Confluence 7.12.1.

Brenda Burrell:

Hooray! We love a good bug fix.

Ryan Spilken:

Love it.

Brenda Burrell:

Love it.

Brenda Burrell:

On to a fairly beefy segments of this week's episode. BitBucket has had a lot of love.

Ryan Spilken:

So much.

Brenda Burrell:

If you're using BitBucket for server data center again on May 18th, Atlassian released 7.13 with some really, really nice updates. Reviewer groups for poll requests on data center. So instead of having to think about, I need to add this person and that person and that person, I could now just say, here's my reviewer group off I go pull request created. Just type the group name into the reviewers field, add that group as you would an individual. Nice.

Ryan Spilken:

Boom.

Brenda Burrell:

Oh, I love it. And it's so much more maintainable in the term as well, so that makes me happy. Project and repo admins will create and manage the reviewer groups, making it easier for development teams to self-manage. Just select the group members that you want in a particular group, and you're good to go.

Ryan Spilken:

Oh, this is slick.

Brenda Burrell:

I love it. It's really, really nice.

Ryan Spilken:

You think that's good?

Brenda Burrell:

You think that that's good? Pull request description templates. It does what it says on the tin. You can build in a template for your pull request description. You don't have to think about it and you can build that in the project settings page for the project, and when a new pull request is created, the contents of that will be automatically applied. It's going to save a lot of time.

Ryan Spilken:

So nice.

Brenda Burrell:

And consistency across pull requests. It's a thing of beauty. Yeah. Can manage all repos from one location. So in BitBucket Dana's data center, there's now a new global repositories page, so you can quickly see which are active, which are inactive, ones that are taking up space, you can delete multiple repos at once, being very careful when you do so.

Brenda Burrell:

There is a link to advanced repository management documentation that will be on the release notes that we'll link to in the show notes. These are nice things.

Ryan Spilken:

Really cool.

Brenda Burrell:

They're nice. And you're going to get to these and go, why haven't we had these all along? They're going to become... These are fundamental quality of life updates. Well done Atlassian. And then there's also data and insights about your instance. You can export current state data from BitBucket data center, feed it into a favorite business intelligence platform, Tableau, Power BI, whatever you use. You can generate reports and visualize your users activity. You can provide your organization leaders with a better understanding of how teams are using BitBucket and make decisions around optimizing or cleaning up projects and repos. So this raw data is going to include things like repo details, commits, build statuses and pull request activity. You can trigger this via rest API and you can view it at a system and then into data pipeline. The initial export can take some time. There are some performance and security considerations for you to be aware of before you do this. Again, there's an additional article linked to from the release notes, and then some nice little smaller, air quotes, things.

Brenda Burrell:

When you merge a pull request, BitBucket will now assign a pull request author as the author of the resulting commit. So there's going to be... We're used to who made a commit. Now we're going to have a commit author, and this is a concept that kind of separates things out so that whoever did the pull request is shown as the commit author, whoever merges it is identified as the one who makes the commit. And what that does is it prevents confusion where if the person who does the merge is not the person who authored the pull request, we lose who the pull request author is. So we now have these, this concept of, of a commit and a commit author. And that's also going to play in with, if there's a suggested comment in a poll request, they would go in as a commit author and the user who applied that suggestion is the committer. So you have committer and commit author.

Brenda Burrell:

When I first read through the paragraphs on this page, I had to read them out loud to myself and go, what are they saying here? We're now tracking both who made the commit and who authored it. I really do like that. That's going to make things a lot clearer in the long run. You can now, in addition, if you're using Git if you have 2.18 or higher installed, you can do partial clones using dash dash filter. Partial clones will not work for Git up to 2.17, you have to be 2.18 or higher, but that's nice. You don't have to clone everything down, you can filter things out.

Brenda Burrell:

In BitBucket 7.8, so there was a build actions, menu that included run plan option to the builds page. This same option is added for failed and incomplete jobs. Save time and resources, if you don't want to run the entire plan from BitBucket. So, there's several things that have been done just again, quality of life, not given a lot of attention on the release notes here, but just quality of life improvements.

Ryan Spilken:

Huge.

Brenda Burrell:

Huge quality of life improvements. So if you're running BitBucket, go take a look, 7.13. Yes. Reading through these release notes it was just this constant, oh, yay moments, so well done. Good job. Atlassian BitBucket team, you all deserve a day off and a raise.

Ryan Spilken:

And Brenda, it looks like the next article we have kind of got lost in all of the Team 21 talk and all of the big stuff happening a couple of weeks ago, we missed this. And so we think it's really important for BitBucket Cloud, security getting Snyk and that's the whole [crosstalk 00:20:05]

Brenda Burrell:

We had a debate over how this is pronounced. Is it snick or is it snike? It's S-N-Y-K, for those of you who need that spelled out as I do. So we have an article and we'll link to it in our show notes about integrating security into your development process with Snyk, which is now integrated in Bitbucket cloud. So some of this is available now, so you can do pull request analysis with code insights or Snyk pipelines. Atlassian is going to be rolling out a new tab in BitBucket cloud, and this is a security tab. Going to be a gradual rollout. You may already be seeing this. As Ryan said, we missed this in the hubbub around Team.

Brenda Burrell:

The security tab is going to allow you to do a lot of the analysis that you need to do around what open source packages are being used by your applications. Anytime you're using an open source tool, obviously you're getting the benefit of it being open source, but there's a risk inherent in that as well. And according to this article, 70% of these open source packages contain one or more security flaws. It happens. They're made by people, people make mistakes. There's been a 250% increase in open-source vulnerabilities over the past three years, so security is not a thing that you can ignore, particularly in the world of DevOps. So this new security tab is going to let you see risks that exist in your dependency files, code base, and container images. So this is really quite far reaching. So you can resolve them before your security team gets onto you about fixing them. For a security analyst, you can just go to this tab, you'll see these existing vulnerabilities on the open source license issues, so you can prioritize what needs to get resolved. So it's going to put a lot of information around those security vulnerabilities all in one place.

Brenda Burrell:

This is also going to enable proactive repo scanning. So instead of waiting until something ships to flag a security issue, the security tab is going to have a dedicated dashboard that's going to show you... It's going to scan your package dependencies and your Docker files and is going to show you those results. So you'll have that insight into your security before you ever ship. You'll see the number of vulnerabilities in these repos. They'll be grouped by a risk score of low, medium, and high. This is a score that Snyk gives it weighted by maturity and severity. So how long has it been around and how severe is it, helping you prioritize which ones you're going to work on, and gives you contextual information with advice on how to fix the risks. Here are your problems. Here's what you got to do. Amazingly, this is going to make it a lot easier to fix problems like this while you're developing it, instead of waiting until after the fact having to release a batch.

Brenda Burrell:

There will be pull request scanning inside code insights, code insights gives users report sanitations and metrics to help improve code quality during the review process. As code goes into a pull request, Snyk can scan it for vulnerabilities and license issues, enabling you to catch them early. So this is a lot of good stuff for bringing security testing into your CICD as well. There's a Snyk pipe in BitBucket pipelines, which allows you to add automated security testing. So just a few configuration lines into BitBucket-pipelines.YML. You can scan dependencies for vulnerabilities automatically. So there's more information, there's a lot of good stuff in this blog post, which again, we'll link to in this episodes show notes, apologies again, that it's coming a little bit late. Better late than never, it's important that we get this to you. A lot of really good stuff for a BitBucket cloud. So whether you're doing BitBucket server and you're excited about 7.13, or you're doing BitBucket cloud, and you want to get onboard with all of these new changes, there is something for you. At the end of this show check out the show notes, go see what you need to do with BitBucket.

Ryan Spilken:

Brenda, if I start using Snyk in BitBucket cloud, am I doing DevSecOps?

Brenda Burrell:

Yes. Yes you are.

Ryan Spilken:

Oh, nice.

Brenda Burrell:

Are you? Do we know? Does anyone know?

Ryan Spilken:

Finally some updates from our favorite card based project management tool, Trello. Trello has updated Butler again and now it's getting even further into making Trello a complete sort of enterprise-esqu team management tool. It's getting bigger. It's getting scalable because these new automations are designed to add, start and end dates in the right place, and then allow you to do actions such as triage work, view things within the timeline and calendar view, and just generally get more aligned across Trello boards. So it's just making the branching easier to do. You'll see this blog post on our show notes, they've also enhanced the power up directory, and if you are in the market for Trello power-ups may I cheekily recommend you check out Orah apps by Adaptavist.

Brenda Burrell:

You being cheeky? I never.

Ryan Spilken:

And with that, we've reached to the end of episode 118. Listeners, thank you so much. We really appreciate it. If you want to get ahold of us and let us know how we can make the show better, reach out to us on social at Adaptavist somebody will let us know. Hint: it's me. So, we're Brenda Burrell I'm Ryan Spilken and we'll see you next time on Adaptavist Live.