# Jira integration configuration

Follow this guide to configure AppSec Portal integration with Jira and define synchronization parameters for the **Product Team Space** or **Security Team Space**.\
This guide will also allow you to establish **mappings** for **issue status** and i**ssue priority** using the values you have specified in Jira, selecting them from dropdown lists.

* Log in to your AppSec Portal instance
* Navigate to the Settings->Integrations->Jira

<figure><img src="https://3069717380-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M81VrXQrfSaYjNIFOtt%2Fuploads%2FnA6fdKfXtferZtyQI1eZ%2Fimage.png?alt=media&#x26;token=ce70bb2f-4e83-4ace-9ef0-7abd997b9d9a" alt=""><figcaption></figcaption></figure>

## Step 1. Authorization

Choose your preferred authorization method: **Basic** or **OAuth**

Enter the appropriate credentials for the chosen method:

* For **Вasic** authorization, enter your **Jira server URL**, **e-mail** and ***Auth token:***

{% hint style="info" %}
&#x20;If you don't already have a Jira API token, you'll need to create one in Jira. You can do this by logging in to Jira and navigating to the '**API tokens**' page in your profile settings ([**Atlassian account settings->Create and manage API tokens->Security**](https://id.atlassian.com/manage-profile/security/api-tokens)). From there, you can create a new API token and use it to authenticate with AppSec Portal using basic authorization.
{% endhint %}

<figure><img src="https://3069717380-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M81VrXQrfSaYjNIFOtt%2Fuploads%2FjDirctDLEAoXq0J5RDtm%2Fimage.png?alt=media&#x26;token=db388c25-b6fe-4ecd-8a19-67399c52019d" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3069717380-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M81VrXQrfSaYjNIFOtt%2Fuploads%2FAvYN2MtmoUTS52QZgHlO%2Fimage.png?alt=media&#x26;token=5c2f3b87-68cf-4399-a81e-daa7bbb8b338" alt=""><figcaption></figcaption></figure>

* For **OAuth**, enter your Jira server URL, access token secret, access token secret, consumer key, and certificate file. To use Jira OAuth, you need to create an *application link* between Jira and AppSec Portal. You can find detailed instructions on how to create an application link [here](https://developer.atlassian.com/server/jira/platform/oauth/).

<figure><img src="https://3069717380-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M81VrXQrfSaYjNIFOtt%2Fuploads%2F0SI5KPqC0MWPqOxjO5ip%2Fimage.png?alt=media&#x26;token=cd1cfe68-43ed-47b1-a460-f56dc543fe45" alt=""><figcaption></figcaption></figure>

## Step 2. Issue Status Mapping

Configure the mapping between finding statuses and Jira issue statuses. \
Select from dropdown list one or more issue statuses to be automatically set in Jira when findings statuses change.

<figure><img src="https://3069717380-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M81VrXQrfSaYjNIFOtt%2Fuploads%2Fkus3h4rlYNwY7OMvdhxh%2Fimage.png?alt=media&#x26;token=b3ce3794-8756-4c92-b64d-5b97a3eb58fd" alt=""><figcaption></figcaption></figure>

## Step 3. Default Team Spaces

Set default security space and default product space to save time from configuring them in product settings. This **configuration is global** and will be automatically assigned to all newly created products. You may set ***specific*** product and security space in [product setting](https://docs.whitespots.io/appsec-portal/features/working-with-products) if it's necessary.

* Choose **Product Team Space** or **Security Team Space** for status and priority mapping and toggle the switch accordingly
* **Team space** ("Product team space" or "Security team space"): Enter space name for product and/or security team
* **Issue type for** the corresponding space: Select from dropdown list
* **Issue status for** **resolved** findings: Select from dropdown list
* **Issue status for rejected** findings: Select from dropdown list
* **components**: Select from dropdown list
* **push due date**: Select from dropdown list

<figure><img src="https://3069717380-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M81VrXQrfSaYjNIFOtt%2Fuploads%2F4M6jcseBhajPN9rGeOOj%2Fjira%20due%20date.gif?alt=media&#x26;token=5f18fa84-9721-4eba-aed4-673168013645" alt=""><figcaption></figcaption></figure>

## Step 4. Webhook integration

**Enable webhook integration**: Activate real-time communication and updates between AppSec portal and Jira by toggling the switch\
**Webhook Url**: Use this the Webhook URL for establishing a connection between the systems

<figure><img src="https://3069717380-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M81VrXQrfSaYjNIFOtt%2Fuploads%2FvO6WQWxk6nIqqQAarGZq%2Fjira2.png?alt=media&#x26;token=d40f8484-3b1f-4d9c-80f5-4fa55f178afd" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %}
Please note that for a successful integration with Jira, you must ensure that the web address specified in the 'Webhook Url' field ends with a slash ('**/**'). Otherwise, the integration may not work correctly.
{% endhint %}

## Step 5. Issue Priority Mapping

Optionally, establish a mapping between finding severity and Jira issue priority.<br>

{% hint style="warning" %}
Ensure all projects **in your Jira** instance have the "Priority" field before configuring. In case of any modifications to the priority descriptions in Jira **after** configuring the **mapping**, the AppSec Portal will **not update** them.
{% endhint %}

* Activate **Enable priority mapping** by toggling the switch
* Configure the mapping between **Finding severity** and **Jira issue priority** from the dropdown lists

<figure><img src="https://3069717380-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M81VrXQrfSaYjNIFOtt%2Fuploads%2FwRiwC6EN3g1bip9ItfS1%2Fjira3.png?alt=media&#x26;token=292599fc-f77f-485b-8786-4b110e9d265c" alt=""><figcaption></figcaption></figure>

## Step 6. Close Security Issue if corresponding Product Issue is done

Choose this option to automatically transition Security Team Issues to a selected resolution status when the corresponding Product Team Issue is marked as resolved in Jira.

<figure><img src="https://3069717380-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M81VrXQrfSaYjNIFOtt%2Fuploads%2FhHUNUAYbG40EOYTVbcXB%2FJira%20step%206.png?alt=media&#x26;token=f2f65fd9-b97c-4a5a-a023-de073fb5f6f4" alt=""><figcaption></figcaption></figure>

## Step 7. Delete issues for rejected findings

Activate this option to delete issues associated with rejected findings in Jira.

<figure><img src="https://3069717380-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M81VrXQrfSaYjNIFOtt%2Fuploads%2FSJFRuaKFtK3GxVgYFxYd%2Fjira%20step7.png?alt=media&#x26;token=42711068-031d-4e50-ad7c-d9bb7dd8f6f8" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %}
If you choose to dismiss a finding in Jira ("False Positive"), the portal may send a request to delete the corresponding task in Jira, given the deletion option is enabled. Please exercise caution and be aware that dismissing findings can lead to task removal in the connected Jira system
{% endhint %}

***Congratulations***! You can now create and update tasks in AppSec Portal, and they will be automatically reflected in your Jira instance. :tada: