Jira integration
Integrating with Jira
Prerequisites
- Ensure that you have Jira permissions and you are familiar with the Jira configurations in your organization.
- Jit supports software development project types in Jira only.
Integrating Jira with Jit streamlines the process of assigning security-related tickets directly to Engineering and Security teams from the Jit platform. Learn more about this here.
Note: It is recommended to set up a new user in Jira for this integration and not to link this to a specific individual's personal account.
Integration steps
- Step 1: Create an API token in your Atlassian account.
- Step 2: Assign a secret to the API token in Jit.
- Step 3: Configure the integration in Jit.
Step 1: Create an API Token in Your Atlassian Account
-
Log in to your Atlassian account.
-
Navigate to API token.
- Click Create API Token.
- Assign a Label for easy identification, like
jit_token. - Click Create, then Copy to clipboard the generated token.
Learn more in Atlassian documentation.
Step 2: Assign a Secret to the API Token in Jit
-
In the Jit platform, go to Settings > Secrets.
-
Click Create new secret and add the API token you created. It's recommended to name the secret something recognizable, like
jira_token.
Learn more about managing Jit Secrets.
Step 3: Configure the Integration in Jit
-
In the Jit platform, go to Integrations and locate the Jira tile.
-
Click Integrate as-code to open the jit-integration.yml file in your centralized Jit repository.
-
Copy and paste the Jira integration-structure at the end of the file.
jira:
`jira_integration_name`:
auth:
api_token: ${{ jit_secrets.`secret_name` }}
email: `email_address`
domain: `jira_domain_name`
preferences:
project_id: `jira_project_id`
issue_type_id: `jira_issue_type_id`
fields:
`customfield_XXXXX`:
- value: "`customfield_XXXXX_value`"
components:
- name: "`component_YYY`"
- Replace the placeholders with your specific information as outlined in the table below:
Your Jira organization domain name can be extracted from your Atlassian URL.
| Key | Value |
|---|---|
| jira_integration_name | Name this integration, possibly after your Jira project, e.g., Engineering. |
| secret_name | The name you assigned to the secret in Step 2, e.g., jira_token. |
| email_address | The security champion's email (listed in the Atlassian account). |
| jira_domain_name | Your Jira organization domain name can be extracted from your Atlassian URL (described above). See Verify a domain to manage accounts. |
| jira_project_id | See How to get Jira Project ID. |
| issue_type_id | See Finding the ID for Jira issue types. Choose the default issue type ID (e.g., the ID of Story or Incident types). |
| customfield_XXXXX, customfield_XXXXX_value | If applicable, add any custom fields with default values. Remove if not used. Read more on Jira custom fields here or by trying to edit them. |
| component_YYY | Include relevant components here if used in your project. Remove if not used. |
Adjust or remove the fields key as needed for your Jira setup. For more options, see the Jira Create Issue POST API here.
For example:
jira:
Engineering:
auth:
api_token: ${{ jit_secrets.jira_token }}
email: [email protected]
domain: Jit
preferences:
project_id: 10200
issue_type_id: 10001
fields:
customfield_10007:
- value: "security"
assignee:
id: "9990a2b5896d10ebd47114df"
components:
- name: "Development"
Updated about 2 months ago