Jira Integration
Introduction
Integrating Jira in Conviso Platform will let developers gain productivity while we do all the hard work by automating the whole vulnerability management triage process.
New vulnerabilities identified in Conviso Platform are created in real time directly in Jira.
With our two-way integration capability, every status update in either solution is automatically reflected in the other, reducing toil and increasing productivity.
Prerequisites
To set up the integration, you'll need the following information:
- Jira's website address.
- Email associated with Jira.
- API Token for authentication purposes. See how to get the API Token from Jira.
Usage
To seamlessly integrate Conviso Platform with Jira, follow these step-by-step procedures:
1 - Configure the initial integration setup between Conviso Platform and Jira
2 - Synchronize vulnerability statuses between Conviso Platform and Jira
3 - How to Modify the Policy to Automatically Create Issues in Jira
4 - How to Manually Create Issues in Jira
Configure the initial integration setup between Conviso Platform and Jira
Step 1 - First, access Jira and copy the URL of your site, as shown in the image below:
Step 2 - Next, to generate the API Token, visit the following link. After clicking the Create API token button, as shown in the image above, copy the API key.
Step 3 - Now that you have the required information, go to Conviso Platform, look for Integrations in the left-side menu, choose Defect Tracking and finally click the Connect button just below Jira's card, as illustrated in the example image below:
Step 4 - Then, enter all Jira information in the fields requested by Conviso Platform, as demonstrated in the initial integration setup section:
The Verify SSL checkbox must be checked only if the certificate associated with Jira is issued by a Public Certificate Authority. For Private CAs or self-signed certificates, use https:// in the site address URL and leave this box unchecked.
Step 5 - Severity Mapping is part of Jira's two-way integration with Conviso Platform. Select which severity corresponds to each Jira priority:
Step 6 - Then, in Configuration, click on the Add Project button to start pairing Conviso Platform Projects with Jira Projects:
Step 7 - Finally, to add a new project, select the Asset in Conviso Platform that you want to associate with your Jira Project. Then, choose the appropriate Jira Issue Type and map the Conviso Platform statuses to the corresponding Jira statuses. Once everything is configured, click Save.
Step 8 - After saving your integration settings, you can review, update, or delete the configuration in the Conviso Platform. To do so, go to your integration panel and click the Edit icon to review or make changes, or the Trash icon to permanently delete the integration:
Step 9 - Whenever a new vulnerability is detected, it will be automatically sent to the linked Jira project, as shown in the example below:
Synchronize vulnerability statuses between Conviso Platform and Jira
This feature allows seamless bidirectional synchronization of vulnerability statuses between Conviso Platform and Jira.
Step 1 - To begin setting up the bidirectional synchronization, copy the Webhook URL, as shown in the example below:
Step 2 - To configure the WebHook in Jira, go to the Administration Console (1) and then to System (2). In the left-hand menu, look for Webhooks (3), as shown in the image below:
Step 3 - Click Create a WebHook:
Step 4 - In the URL field, paste the Webhook URL you copied in Step 1.
Step 5 - Enable the issue event and check the updated option to complete the WebHook setup:
How to find webhooks configuration in Jira?
To access the webhooks configuration in Jira, you can follow these steps:
Open your web browser and enter the following URL: https://YOUR_SPACE_NAME.atlassian.net/plugins/servlet/webhooks#
Replace YOUR_SPACE_NAME with the actual name of your Jira space.
By directly accessing this URL, you can navigate to the webhooks configuration page in Jira, where you can manage and set up webhooks for integrating with external applications like Conviso Platform.
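What the webhook configured above delivers on an issue update, and how a status change is read from it and translated through a status mapping, as an added example (not Conviso Platform's code). The two payloads are constructed samples in the shape Jira uses for issue-updated events, and the status names in `STATUS_MAP` are hypothetical.

```python
import json

# Constructed sample: the body Jira POSTs when an issue's status changes.
STATUS_CHANGED = json.dumps({
    "webhookEvent": "jira:issue_updated",
    "issue": {"key": "SEC-101", "fields": {"status": {"name": "Done"}}},
    "changelog": {"items": [
        {"field": "assignee", "fromString": None, "toString": "dev.one"},
        {"field": "status", "fromString": "In Progress", "toString": "Done"},
    ]},
})
# Constructed sample: an update that edits the summary only.
SUMMARY_EDITED = json.dumps({
    "webhookEvent": "jira:issue_updated",
    "issue": {"key": "SEC-102", "fields": {"status": {"name": "To Do"}}},
    "changelog": {"items": [
        {"field": "summary", "fromString": "XSS", "toString": "Stored XSS"},
    ]},
})
# Hypothetical status mapping (Jira status -> platform status), standing in
# for the pairs chosen when the project was added.
STATUS_MAP = {"To Do": "open", "In Progress": "in progress", "Done": "fixed"}


def status_transition(raw_body):
    """Return (issue_key, old_status, new_status), or None when the event
    is not an issue update or did not change the status field."""
    event = json.loads(raw_body)
    if event.get("webhookEvent") != "jira:issue_updated":
        return None
    for item in (event.get("changelog") or {}).get("items") or []:
        if item.get("field") == "status":
            return event["issue"]["key"], item.get("fromString"), item.get("toString")
    return None


def mapped_status(raw_body, status_map=STATUS_MAP):
    """Translate the new Jira status; an unmapped status is reported, not guessed."""
    transition = status_transition(raw_body)
    if transition is None:
        return None
    key, _old, new = transition
    if new not in status_map:
        raise LookupError(f"{key}: Jira status {new!r} has no mapped platform status")
    return key, status_map[new]
```

An update that does not touch the status field yields `None`, and a Jira status missing from the mapping raises instead of being silently dropped.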
How to Modify the Policy to Automatically Create Issues in Jira
Conviso Platform allows you to enable a policy that defines which vulnerability severities will be automatically sent to Jira. To configure it, follow the steps below:
Step 1 - At the bottom of the sidebar menu, click on your Company name and then select Policies.
Step 2 - Enable the Transform vulnerabilities in issues at defect trackers policy. You can choose to send vulnerabilities of all severities (selecting All vuln) or enable only specific severities, as shown in the example below:
How to Manually Create Issues in Jira
If you need to manually create a vulnerability in Jira, there are two available methods:
Creating a vulnerability in Jira from the vulnerability details page
To create a vulnerability in Jira from the vulnerability details page, follow the steps below:
- Go to the vulnerability details page.
- Click the three-dot icon, as shown in the example below.
- Select Sync with defect tracker.
Creating a vulnerability in Jira via API
To create a vulnerability in Jira using the API, follow the steps below:
- Retrieve the vulnerability ID.
- Execute the following mutation, replacing the ID with the one you retrieved:
mutation {
  syncVulnerabilityWithDefectTracker(input: {id: <YOUR_VULNERABILITY_ID>}) {
    issue {
      id
    }
  }
}
If you need help using our API, click here.
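One way to script the mutation above so that an ID arriving from a CI job or a spreadsheet cannot alter the query text, as an added example (not code from Conviso). The endpoint URL and the authentication header name are placeholders, and the example assumes vulnerability IDs are numeric.

```python
import json
import urllib.request

# Placeholders, not values from the page: take the real endpoint and the
# authentication header name from the platform's API documentation.
GRAPHQL_ENDPOINT = "https://graphql.example.invalid/graphql"
AUTH_HEADER = "X-Placeholder-Api-Key"

MUTATION = """mutation {
  syncVulnerabilityWithDefectTracker(input: {id: %d}) {
    issue {
      id
    }
  }
}"""


def parse_vulnerability_id(raw):
    """Accept only a positive decimal integer (assumption: IDs are numeric)."""
    if isinstance(raw, int) and not isinstance(raw, bool):
        value = raw
    elif isinstance(raw, str) and raw.isascii() and raw.isdigit():
        value = int(raw)
    else:
        raise ValueError(f"not a numeric vulnerability ID: {raw!r}")
    if value <= 0:
        raise ValueError(f"vulnerability ID must be positive: {raw!r}")
    return value


def build_sync_request(raw_id, api_key):
    """Build (without sending) the POST that carries the mutation."""
    query = MUTATION % parse_vulnerability_id(raw_id)
    return urllib.request.Request(
        GRAPHQL_ENDPOINT,
        data=json.dumps({"query": query}).encode("utf-8"),
        headers={"Content-Type": "application/json", AUTH_HEADER: api_key},
        method="POST",
    )


def issue_id_from_response(body):
    """Return the created issue's id; surface GraphQL errors instead of hiding them."""
    doc = json.loads(body)
    if doc.get("errors"):
        raise RuntimeError("; ".join(e.get("message", "?") for e in doc["errors"]))
    return doc["data"]["syncVulnerabilityWithDefectTracker"]["issue"]["id"]
```

Pass the built request to `urllib.request.urlopen` and hand the decoded response body to `issue_id_from_response`.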
Support
Should you have any questions or require assistance while using the Conviso Platform, feel free to contact our dedicated support team.
Resources
By exploring our comprehensive content, you'll discover resources that will enhance your understanding of AppSec.
Conviso Blog: Access a wealth of informative videos covering various topics related to AppSec. Please note that the content is primarily in Portuguese.
Conviso's YouTube Channel: Engage with our informative podcast, where we discuss AppSec-related subjects, providing valuable insights and discussions. The podcast is conducted in Portuguese.
AppSec to Go - Conviso's Podcast on AppSec: Explore our blog, which offers a collection of articles and posts covering a wide range of AppSec topics. The content on the blog is primarily written in English.