Manage Vulnerabilities with Jira

Many security teams manage remediation efforts by generating CSV or PDF reports spanning hundreds of pages and spend a lot of time breaking down exposures into actionable work items. InsightAppSec integrates with JIRA Cloud so that security teams can automate the creation and assignment of work items based on pre-configured rules.

This integration simplifies this process while allowing you to:

  • Create targeted and precise tickets with rules that can be reused across projects.
  • Customize ticketing templates to include as much security context as you need.
  • Let your remediation teams continue to use their existing tools and processes.

One-way integration

The connection between JIRA and InsightAppSec is a one-way integration. When a ticket is updated in JIRA, the status within your project does not change.

Requirements

You will need an API token for your JIRA cloud account. Learn how to generate Atlassian API tokens here: https://confluence.atlassian.com/cloud/api-tokens-938839638.html.

On-premise integration is not supported

The JIRA Cloud integration uses API tokens which on-premise integrations do not support.

Create a JIRA ticketing connection

  1. Click on the Administration icon in the sidebar.
  2. Go to Administration > Integrations and click Add a new JIRA server.
  3. In the New JIRA Server Connection form, enter a name for this new connection as well as the URL, username, and API Token of your JIRA cloud connection and press Save.
    • Make sure to verify that the username you’re entering is correct, otherwise your project keys may not show up.
    • You will see the Project Configurations for InsightAppSec screen where you can set up various configurations for your JIRA ticketing project. A configuration is a set of rules that InsightAppSec uses to determine the Type, Status, Priority, and contents of automatically generated tickets.
  4. Click New Configuration and complete the connection details.

Project information

  1. Enter mappings for InsightAppSec statuses and priority to JIRA statuses. For example, you may wish to show all 'Remediated' vulnerabilities in 'Done' state in JIRA.
  2. In the Ticketing Template tab, set up what the Summary and Description in the ticket will say. You can use the special syntax to have terms from vulnerability description to be automatically added to the ticket.
  3. Click Save.

Note

You can always edit the configuration in the future, but changing the Project Key or Issue type will reset all status and priority mappings.

Create JIRA tickets based on InsightAppSec vulnerabilities

  1. Visit the Scan Details page of any App for which you have set up a Project Configuration already, or the All Vulnerabilities page. Export to Jira button
  2. Select the vulnerabilities that you want to export and click Export to JIRA.

Note that changes to vulnerabilities in InsightAppSec are not automatically reflected in JIRA, and need to be explicitly ported using the 'Export to JIRA' functionality.