Jira integration configuration
This guide will walk you through the process of integration configuration
Follow this guide to configure AppSec Portal integration with Jira and define synchronization parameters for the Product Team Space or Security Team Space. This guide will also allow you to establish mappings for issue status and issue priority using the values you have specified in Jira, selecting them from dropdown lists.
Log in to your AppSec Portal instance
Navigate to the Settings->Integrations->Jira
Step 1. Authorization
Choose your preferred authorization method: Basic or OAuth
Enter the appropriate credentials for the chosen method:
For Вasic authorization, enter your Jira username and Auth token:
If you don't already have a Jira API token, you'll need to create one in Jira. You can do this by logging in to Jira and navigating to the 'API tokens' page in your profile settings (Atlassian account settings->Create and manage API tokens->Security). From there, you can create a new API token and use it to authenticate with AppSec Portal using basic authorization.
For OAuth, enter your Jira access token, access token secret, consumer key, and certificate file. To use Jira OAuth, you need to create an application link between Jira and AppSec Portal. You can find detailed instructions on how to create an application link here.
Step 2. Issue Status Mapping
Configure the mapping between finding statuses and Jira issue statuses. Select from dropdown list one or more issue statuses to be automatically set in Jira when findings statuses change.
Step 3. Default Team Spaces
Set default security space and default product space to save time from configuring them in product settings. This configuration is global and will be automatically assigned to all newly created products. You may set specific product and security space in product setting if it's necessary.
Choose Product Team Space or Security Team Space for status and priority mapping and toggle the switch accordingly
Team space ("Product team space" or "Security team space"): Enter space name for product and/or security team
Issue type for the corresponding space: Select from dropdown list
Issue status for resolved findings: Select from dropdown list
Issue status for rejected findings: Select from dropdown list
components: Select from dropdown list
push due date: Select from dropdown list
Step 4. Webhook integration
Enable webhook integration: Activate real-time communication and updates between AppSec portal and Jira by toggling the switch Webhook Url: Use this the Webhook URL for establishing a connection between the systems
Please note that for a successful integration with Jira, you must ensure that the web address specified in the 'Webhook Url' field ends with a slash ('/'). Otherwise, the integration may not work correctly.
Step 5. Issue Priority Mapping
Optionally, establish a mapping between finding severity and Jira issue priority.
Ensure all projects in your Jira instance have the "Priority" field before configuring. In case of any modifications to the priority descriptions in Jira after configuring the mapping, the AppSec Portal will not update them.
Activate Enable priority mapping by toggling the switch
Configure the mapping between Finding severity and Jira issue priority from the dropdown lists
Step 6. Close Security Issue if corresponding Product Issue is done
Choose this option to automatically transition Security Team Issues to a selected resolution status when the corresponding Product Team Issue is marked as resolved in Jira.
Step 7. Delete issues for rejected findings
Activate this option to delete issues associated with rejected findings in Jira.
If you choose to dismiss a finding in Jira ("False Positive"), the portal may send a request to delete the corresponding task in Jira, given the deletion option is enabled. Please exercise caution and be aware that dismissing findings can lead to task removal in the connected Jira system
Congratulations! You can now create and update tasks in AppSec Portal, and they will be automatically reflected in your Jira instance. 🎉
Last updated