Atlassian JIRA Integration

JIRA is a proprietary issue tracking product that provides bug tracking, issue tracking, and project management functions. It may be used as a more general "issue tracker" rather than solely a bug tracker, tracking new feature requests, system admin tasks, Scrum tasks or any other item its users might require. JIRA is written in Java and also integrates seamlessly with source control programs such as Git, Perforce, Subversion, and Team Foundation Server.

Overview

You can configure CxSAST projects to enable creating JIRA issues directly from vulnerability instances. Once integration is configured, when you view scan results in the CxSAST web interface, you'll be able to submit JIRA issues.

The following steps describe the flow for using JIRA from within CxSAST:

  1. Review scan results in CxSAST.

  2. Mark the results to be fixed as ‘Confirmed’.

  3. Click ‘Open Ticket’ to open JIRA tickets for the confirmed results.

  4. Developers get the JIRA tickets and fix the code, mitigating the vulnerabilities detected.

  5. Repeat the CxSAST scan. If the fix is supported by CxSAST, the findings will be removed from the new scan results.

  6. The Security Engineer reviews the tickets of the issues that were resolved and decides if their JIRA tickets can be closed or if a different resolution is required.

Warning

The Security Engineer can view which issues were resolved by using the compare scans option - Comparing Scan Result Sets. Sometimes the code change can make a vulnerability ‘disappear’ but doesn’t actually resolve the security threat. For this reason, JIRA tickets are not closed automatically and should be reviewed and closed manually by the Security Engineer.
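The review step in the flow above and the warning that tickets must never be closed automatically can be supported with a small reconciliation script. The following is an added example, not Checkmarx or Atlassian code: it assumes the results of two scans have been exported to plain records carrying the result state and the JIRA key recorded when 'Open Ticket' was used, and it only sorts tickets into review buckets; the sample findings and the SEC-n ticket keys are constructed placeholders.

```python
"""Reconcile two CxSAST result sets against JIRA tickets (added example, not
Checkmarx or Atlassian code). Assumes findings were exported to plain records
carrying the result state and the JIRA key recorded by 'Open Ticket'; all
sample data is constructed and ticket keys are placeholders."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Finding:
    similarity_id: int       # CxSAST id that stays stable between scans
    query: str               # e.g. "SQL_Injection"
    state: str               # "To Verify", "Confirmed", "Not Exploitable", ...
    jira_key: Optional[str]  # set once a ticket was opened for the result

def reconcile(previous: list, current: list) -> dict:
    """Classify ticketed findings after a rescan without closing anything.

    A finding that disappeared may be masked rather than fixed, so it is only
    queued for the Security Engineer to review and close by hand.
    """
    current_ids = {f.similarity_id for f in current}
    review_for_close, still_open = [], []
    for f in previous:
        if f.state != "Confirmed" or f.jira_key is None:
            continue  # only confirmed results with a ticket are tracked
        bucket = still_open if f.similarity_id in current_ids else review_for_close
        bucket.append(f.jira_key)
    previous_ids = {f.similarity_id for f in previous}
    new_findings = [f.similarity_id for f in current if f.similarity_id not in previous_ids]
    return {"review_for_close": sorted(review_for_close),
            "still_open": sorted(still_open),
            "new_findings": sorted(new_findings)}

# Constructed sample: two scans of one project; SEC-n are placeholder keys.
PREVIOUS_SCAN = [
    Finding(1001, "SQL_Injection", "Confirmed", "SEC-1"),
    Finding(1002, "Reflected_XSS", "Confirmed", "SEC-2"),
    Finding(1003, "Hardcoded_Password", "To Verify", None),
]
CURRENT_SCAN = [
    Finding(1002, "Reflected_XSS", "Confirmed", "SEC-2"),  # still present
    Finding(1003, "Hardcoded_Password", "To Verify", None),
    Finding(1005, "Open_Redirect", "To Verify", None),     # new in this scan
]

if __name__ == "__main__":
    for bucket, keys in reconcile(PREVIOUS_SCAN, CURRENT_SCAN).items():
        print(f"{bucket}: {keys}")
```

The `review_for_close` bucket is the worklist for the manual review described in the warning; the `still_open` and `new_findings` buckets show which tickets remain valid and which results still need to be confirmed before a ticket is opened.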