Many security teams manage remediation efforts by generating CSV or PDF reports that span hundreds of pages, and then spend a lot of time breaking down exposures into actionable work items. InsightAppSec integrates with JIRA Cloud so that security teams can automate the creation and assignment of work items based on pre-configured rules.
The ticketing feature simplifies this process while allowing you to:
- Create targeted and precise tickets with rules that can be reused across projects.
- Customize ticketing templates to include as much security context as you need.
- Let your remediation teams continue to use their existing tools and processes.
One-way integration
The JIRA integration is one-way. When a ticket is updated in JIRA, the status within your project does not change.
On-premise integration is not supported
The JIRA Cloud integration uses API tokens, which on-premise integrations do not support.
You will need an API token for your JIRA Cloud account. To learn how to generate Atlassian API tokens, see https://confluence.atlassian.com/cloud/api-tokens-938839638.html
Create a JIRA ticketing connection
- Click on the Administration icon in the sidebar.
- On the Administration page, click on the Add a new JIRA server link under the Integrations panel.
- In the New JIRA Server Connection form, enter a name for this new connection as well as the URL, username, and API token of your JIRA Cloud connection, and press Save.
- You will see the Project Configurations for InsightAppSec screen, where you can set up various configurations for your JIRA ticketing project. A configuration is a set of rules that InsightAppSec uses to determine the Type, Status, Priority, and contents of automatically generated tickets. Click on the New Configuration button.
- In the Configuration panel, provide a unique name for the configuration. Select the projects where you would like to apply this configuration, the JIRA Project Key, and the Issue Type (e.g. Task, Bug, Story).
You can always edit the configuration in the future, but changing the Project Key or Issue Type will reset all status and priority mappings.
- Enter mappings from InsightAppSec statuses to JIRA statuses. For example, you may wish to show all 'Remediated' vulnerabilities in the 'Done' state in JIRA.
- Enter mappings for Priority.
- In the Ticketing Template tab, set up what the Summary and Description in the ticket will say. You can use the special syntax to have terms from the vulnerability description added to the ticket automatically. When all the required fields are completed, the Save button will be enabled. Press the Save button to save your configuration.
If you wish to edit an existing JIRA connection, you can also do so from the Integrations panel on the Administration page.
Creating JIRA tickets based on InsightAppSec vulnerabilities
- Visit the Scan Details page of any app for which you have already set up a Project Configuration, or the All Vulnerabilities page.
- Select the vulnerabilities that you wish to export and click on the Export to JIRA button.
Note that changes to vulnerabilities in InsightAppSec are not automatically reflected in JIRA; they need to be explicitly exported using the 'Export to JIRA' functionality.