Jira using OAuth

This document is for Invicti Platform

Integrating Invicti Platform with Jira automates vulnerability tracking. Instead of manually creating tickets, Invicti automatically generates Jira issues for detected vulnerabilities, streamlining your software development and bug-fixing process, and allowing you to prioritize and remediate issues. This integration ensures security is built into your development workflow.

This document explains how to integrate Invicti with Jira in 3 steps:

  • Step 1: Configure Invicti
  • Step 2: Submit vulnerabilities to Jira
  • Step 3: Jira integration Webhook

Prerequisites

SSL certificate requirements

Although Invicti on-premises and Jira on-premises can each run with self-signed certificates, self-signed certificates are not supported for setups that integrate Invicti with Jira:

  • If you are using Invicti on-premises, the Invicti configuration must have a valid SSL/TLS certificate, signed by a globally trusted certificate authority.

  • If you are using Jira on-premises, the Jira configuration must have a valid SSL/TLS certificate, signed by a globally trusted certificate authority.

    Note: The configuration of SSL/TLS certificates on your Jira server is outside the scope of Invicti support.

  • Be aware that Jira requires this configuration, particularly for webhooks.

Other requirements

Before integrating Invicti with Jira, ensure you meet the following requirements:

Step 1: Configure Invicti

  1. In Invicti, choose Integrations from the left-side menu.

  2. Switch to the All integrations tab.

  3. Scroll down to the Issue trackers section and click Configure in the Jira tile.

  4. In the Configure and authorize section:

    a. Enter a name for your integration. This document uses Invicti & Jira OAuth as an example.

    b. Fill in the Jira base URL.

    c. Choose the OAuth 2 Authentication type.

    d. Click Validate & load projects to load your project and issue details.

    e. In the new window, click Accept to allow Invicti Platform to access your Atlassian account.

  5. In the Project configuration section, provide the following details:

    a. Choose a Project from the drop-down list. Invicti sends the vulnerabilities it finds to this project.

    b. Specify the Issue type as Vulnerability.

    c. In the Issue title formatting field, choose the format for the work item title.

    d. For the Included details field, use the drop-down menu to specify the information to include in the work item details.

    e. Optionally, pick Yes to include a link to the report and attach a PDF report.

    f. Click Next.

  6. In the Issue mappings section:

    a. Copy and save the Webhook URL value for later use in the Jira configuration.

    b. Set your Bi-directional issue status mappings. You can choose any status from your Jira configuration.

  7. Next, assign field values. These items change based on the selected Project and Work item type.

  8. Assign Field mappings: Map Invicti Vulnerability severity levels to Jira severity values.

  9. In the Field mappings panel, assign Invicti fields to Jira fields or values. To add more field values, use the Add New button.

  10. Use Create sample issue to test the configuration. Then, use Save and Finish to complete the setup.

  11. The vulnerability is now created and visible in your Work items list in the selected Jira project.

Step 2: Submit vulnerabilities to Jira

After identifying vulnerabilities, you can forward them to the designated issue tracker. The process is consistent across all supported issue trackers. For detailed instructions, refer to the linked documents.

Step 3: Jira integration Webhook

For Jira integration using OAuth, the webhooks are configured automatically. There is no need to configure these.

