Jira Integration
Introductionβ
Integrating Jira in Conviso Platform will let developers gain productivity while we do all the hard work by automating the whole vulnerability management triage process.
New vulnerabilities identified in Conviso Platfom are created in real time directly in Jira.
With our two-way integration capability, every status update from both solutions are automatically updated in order to reduce the toil and increase productivity.
Prerequirementsβ
To set up the integration, you'll need the following information:
-
Jira's website address.
-
Email or Username associated with Jira.
-
API Token for authentication purposes. See how to get the API Token from Jira.
Usageβ
To seamlessly integrate Conviso Platform with Jira, follow these step-by-step procedures:
1 - Configure the initial integration setup between Conviso Platform and Jira
2 - Synchronize vulnerability statuses between Conviso Platform and Jira
Configure the initial integration setup between Conviso Platform and Jiraβ
Follow the instructions below to complete the integration setup.
Step 1 - First, access Jira and copy the URL of your site, as shown in the image below:
Step 2 - Next, to generate the API Token, visit the following link. After clicking the Create API token button, as shown in the image above, copy the API key.
Step 3 - Now that you have the required information, go to Conviso Platform, look for the Integrations on the left side menu, choose Defect Tracking and finally click the Connect button just below Jiraβs card, as illustrated in the example image below:
Step 4 - Then, enter all Jira information in the fields requested by Conviso Platform, as demonstrated in the initial integration setup section.
Note: The Verify SSL checkbox must be checked only if the certificate associated with Jira is issued by a Public Certificate Authority. For Private CAs or self-signed certificates, use https:// at the site address URL and leave this box unchecked.
Step 5 - Severity Mapping refers to Jira's two-way integration with Conviso Platform. Select which severity will be referenced to Jira's priority:
Step 6 - Then, in Configuration, click on the Add button to start pairing Conviso Platform Projects with Jira Projects:
Step 7 - At the drop-down list New Project Documentation, select the Conviso Platform Project you want to associate with your Jira Project, which will be chosen at the Jira Project drop-down list . You can also perform Issue and status configuration.
Step 8 - After mapping all Conviso Platform statuses to Jira statuses, click on the Save button.
Step 9 - Click on the Check Integration Connection button to check if the platform connects with Jira server. If the connection is successful you will see the following message:
Step 10 - After saving your integration configuration, you may want to review, modify or delete it from Conviso Platform. To do so, at your integration configuration panel, choose the Edit icon to review or change it; if you want to completely delete it, use the Trash icon at its right:
Step 11 - Whenever a new vulnerability is detected, it is automatically sent to the project in Jira, as shown in the image below:
Synchronize vulnerability statuses between Conviso Platform and Jiraβ
This feature allows seamless bidirectional synchronization of vulnerability statuses between Conviso Platform and Jira.
Step 1 - First, to begin, you need to have saved the Token for the integration between Jira and Conviso Platform.
To generate the integration token from Conviso Platform, go to the left menu, choose Integrations, click on Defect Tracking, and then click Connect for Jira. Copy the token displayed in the following window by clicking on the eye icon and then the copy icon:
Step 2 - To start configuring a Webhook, you need to obtain an external access code that will be used in the Conviso Platform application. Go to Jira Administration console (1) and System (2). In the menu on the left, look for Webhooks (3), as shown in the image below:
Step 3 - Configure the Webhook URL:
In the URL field, use the following predefined URL with your token appended at the end:
https://app.convisoappsec.com/api/v1/integrations/jira/update_vulnerability?issue_key=${issue.key}&project_key=${project.key}&jira_authorization_token=YOUR_JIRA_TOKEN
Note: Replace "YOUR_JIRA_TOKEN" with the token obtained from Conviso Platform under Jira integration configuration.
Step 4 - Activate the issue event and click "updated" to finalize the Webhook creation:
How to find webhooks configuration in Jira?β
To access the webhooks configuration in Jira, you can follow these steps:
Open your web browser and enter the following URL: https://YOUR_SPACE_NAME.atlassian.net/plugins/servlet/webhooks#
Note: Replace YOUR_SPACE_NAME with the actual name of your Jira space.
By directly accessing this URL, you can navigate to the webhooks configuration page in Jira, where you can manage and set up webhooks for integrating with external applications like Conviso Platform.
Supportβ
Should you have any questions or require assistance while using the Conviso Platform, feel free to contact our dedicated support team.
Resourcesβ
By exploring our comprehensive content, youβll discover resources that will enhance your understanding of AppSec.
Conviso Blog: Access a wealth of informative videos covering various topics related to AppSec. Please note that the content is primarily in Portuguese.
Conviso's YouTube Channel: Engage with our informative podcast, where we discuss AppSec-related subjects, providing valuable insights and discussions. The podcast is conducted in Portuguese.
AppSec to Go - Conviso's Podcast on AppSec: Explore our blog, which offers a collection of articles and posts covering a wide range of AppSec topics. The content on the blog is primarily written in English.
