Jira Integration

Integrating with Jira

Integrating Jira with Jit streamlines the process of assigning security-related tickets directly to Engineering and Security teams from the Jit platform. Learn more about this here.

Jit supports two methods of Jira integration: directly through the web app (recommended), or through as-code configuration (old version).

Web app integration (recommended)

Quickstart

  1. In Jit's web app, go to the Integrations page.

  2. Find the "Jira" card and click "Connect".

  3. You should now see a Jira integration window. Click on "Connect" at the top right corner.

    • You should now be prompted to install Jit's Jira app to your Atlassian account.
    • After installing the app, you'll be prompted to select your desired project, as well as any relevant custom fields.
    • If your Jira configuration requires any custom fields, please set them now.

  4. Once you have configured your project, you can close the Jira window. From now on, you'll be able to create Jira tickets for findings and actions across the Jit platform.

Important note: Custom labels are not supported and will be overridden if set. Jira tickets will always be created with the Opened-by-Jit label.


As-code integration (old)

Prerequisites

  • Ensure that you have Jira permissions and you are familiar with the Jira configurations in your organization.
  • Jit supports software development project types in Jira only.

Note: It is recommended to set up a new user in Jira for this integration and not to link this to a specific individual's personal account.

Integration steps

  • Step 1: Create an API token in your Atlassian account.
  • Step 2: Assign a secret to the API token in Jit.
  • Step 3: Configure the integration in Jit.

Step 1: Create an API Token in Your Atlassian Account

  1. Log in to your Atlassian account.

  2. Navigate to API token.

    1. Click Create API Token.
    2. Assign a Label for easy identification, like jit_token.
    3. Click Create, then click Copy to clipboard to copy the generated token.

Learn more in Atlassian documentation.

Step 2: Assign a Secret to the API Token in Jit

  1. In the Jit platform, go to Settings > Secrets.

  2. Click Create new secret and add the API token you created. It's recommended to name the secret something recognizable, like jira_token.

Learn more about managing Jit Secrets.

Step 3: Configure the Integration in Jit

  1. In the Jit platform, go to Integrations and locate the Jira tile.

  2. Click Integrate as-code to open the jit-integration.yml file in your centralized Jit repository.

  3. Copy the Jira integration structure below and paste it at the end of the file.

jira:
  `jira_integration_name`:
    auth:
      api_token: ${{ jit_secrets.`secret_name` }}
      email: `email_address`
      domain: `jira_domain_name`
    preferences:
      project_id: `jira_project_id`
      issue_type_id: `jira_issue_type_id`
      fields:
        `customfield_XXXXX`:
          - value: "`customfield_XXXXX_value`"
        components:
          - name: "`component_YYY`"

  4. Replace the placeholders with your specific information as outlined in the table below:

Your Jira organization domain name can be extracted from your Atlassian URL.

| Key | Value |
| --- | --- |
| jira_integration_name | Name this integration, possibly after your Jira project, e.g., Engineering. |
| secret_name | The name you assigned to the secret in Step 2, e.g., jira_token. |
| email_address | The security champion's email (listed in the Atlassian account). |
| jira_domain_name | Your Jira organization domain name can be extracted from your Atlassian URL (described above). See Verify a domain to manage accounts. |
| jira_project_id | See How to get Jira Project ID. |
| issue_type_id | See Finding the ID for Jira issue types. Choose the default issue type ID (e.g., the ID of Story or Incident types). |
| customfield_XXXXX, customfield_XXXXX_value | If applicable, add any custom fields with default values. Remove if not used. Read more on Jira custom fields here or by trying to edit them. |
| component_YYY | Include relevant components here if used in your project. Remove if not used. |

Adjust or remove the fields key as needed for your Jira setup. For more options, see the Jira Create Issue POST API here.

For example:

jira:
  Engineering:
    auth:
      api_token: ${{ jit_secrets.jira_token }}
      email: [email protected]
      domain: Jit
    preferences:
      project_id: 10200
      issue_type_id: 10001
      fields:
        customfield_10007:
          - value: "security"
        assignee:
          id: "9990a2b5896d10ebd47114df"
        components:
          - name: "Development"
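
An added example, not part of Jit's documentation or tooling: a pre-commit style check for the jira block of jit-integration.yml that reports missing required keys and an api_token written as a literal value instead of a ${{ jit_secrets.<name> }} reference. The function names, the characters allowed in the secret name, and the sample configurations are assumptions made for illustration.

```python
import re

# Form the page uses for the token: ${{ jit_secrets.<secret_name> }}.
# The character set allowed in <secret_name> is an assumption.
SECRET_REF = re.compile(r"^\$\{\{\s*jit_secrets\.[A-Za-z0-9_-]+\s*\}\}$")

# Keys shown in the page's template; `fields` is optional and not checked.
REQUIRED = {
    "auth": ("api_token", "email", "domain"),
    "preferences": ("project_id", "issue_type_id"),
}

def check_jira_block(config):
    """Return a list of problems in the parsed `jira:` mapping (empty if none)."""
    integrations = config.get("jira")
    if not isinstance(integrations, dict) or not integrations:
        return ["no jira integration defined"]
    problems = []
    for name, body in integrations.items():
        body = body if isinstance(body, dict) else {}
        for section, keys in REQUIRED.items():
            present = body.get(section) or {}
            for key in keys:
                if present.get(key) in (None, ""):
                    problems.append(f"{name}: missing {section}.{key}")
        token = (body.get("auth") or {}).get("api_token")
        # Never echo the value: a literal here is a credential in the repo.
        if token not in (None, "") and not SECRET_REF.match(str(token).strip()):
            problems.append(f"{name}: auth.api_token is not a jit_secrets reference")
    return problems

def check_file(path):
    """Hypothetical helper: load the real file with PyYAML (assumed installed)."""
    import yaml
    with open(path, encoding="utf-8") as fh:
        return check_jira_block(yaml.safe_load(fh) or {})

# Constructed sample inputs, already parsed from YAML.
GOOD = {"jira": {"Engineering": {
    "auth": {"api_token": "${{ jit_secrets.jira_token }}",
             "email": "jira-bot@example.com", "domain": "Jit"},
    "preferences": {"project_id": 10200, "issue_type_id": 10001}}}}
BAD = {"jira": {"Engineering": {
    "auth": {"api_token": "CONSTRUCTED-LITERAL-TOKEN",
             "email": "jira-bot@example.com", "domain": "Jit"},
    "preferences": {"project_id": 10200}}}}

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, check_jira_block(cfg))
```

A literal token that reaches the repository should be revoked in the Atlassian account and replaced with a new one stored as a Jit secret.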