Jira integration

Integrating with Jira

Prerequisites

  • Ensure that you have Jira permissions and you are familiar with the Jira configurations in your organization.
  • Jit supports software development project types in Jira only.

Integrating Jira with Jit streamlines the process of assigning security-related tickets directly to Engineering and Security teams from the Jit platform. Learn more about this here.

Integration steps

  • Step 1: Create an API token in your Atlassian account.
  • Step 2: Assign a secret to the API token in Jit.
  • Step 3: Configure the integration in Jit.

Step 1: Create an API Token in Your Atlassian Account

  1. Log in to your Atlassian account.

  2. Navigate to API token.

    1. Click Create API Token.
    2. Assign a Label for easy identification, like jit_token.
    3. Click Create, then click Copy to clipboard to copy the generated token.

Learn more in Atlassian documentation.

Step 2: Assign a Secret to the API Token in Jit

  1. In the Jit platform, go to Settings > Secrets.

  2. Click Create new secret and add the API token you created. It's recommended to name the secret something recognizable, like jira_token.

Learn more about managing Jit Secrets.

Step 3: Configure the Integration in Jit

  1. In the Jit platform, go to Integrations and locate the Jira tile.

  2. Click Integrate as-code to open the jit-integration.yml file in your centralized Jit repository.

  3. Copy the Jira integration structure below and paste it at the end of the file.

jira:
  `jira_integration_name`:
    auth:
      api_token: ${{ jit_secrets.`secret_name` }}
      email: `email_address`
      domain: `jira_domain_name`
    preferences:
      project_id: `jira_project_id`
      issue_type_id: `jira_issue_type_id`
      fields:
        `customfield_XXXXX`:
          - value: "`customfield_XXXXX_value`"
        components:
          - name: "`component_YYY`"
  4. Replace the placeholders with your specific information as outlined in the table below:

Your Jira organization domain name can be extracted from your Atlassian URL.

| Key | Value |
|---|---|
| jira_integration_name | Name this integration, possibly after your Jira project, e.g., Engineering. |
| secret_name | The name you assigned to the secret in Step 2, e.g., jira_token. |
| email_address | The security champion's email (listed in the Atlassian account). |
| jira_domain_name | Your Jira organization domain name can be extracted from your Atlassian URL (described above). See Verify a domain to manage accounts. |
| jira_project_id | See How to get Jira Project ID. |
| issue_type_id | See Finding the ID for Jira issue types. Choose the default issue type ID (e.g., the ID of Story or Incident types). |
| customfield_XXXXX, customfield_XXXXX_value | If applicable, add any custom fields with default values. Remove if not used. Read more on Jira custom fields here. |
| component_YYY | Include relevant components here if used in your project. Remove if not used. |

Adjust or remove the fields key as needed for your Jira setup. For more options, see the Jira Create Issue POST API here.

For example:

jira:
  Engineering:
    auth:
      api_token: ${{ jit_secrets.jira_token }}
      email: [email protected]
      domain: Jit
    preferences:
      project_id: 10200
      issue_type_id: 10001
      fields:
        customfield_10007:
          - value: "security"
        assignee:
          id: "9990a2b5896d10ebd47114df"
        components:
          - name: "Development"
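
A check you can run on jit-integration.yml before committing it, added here as an example (it is not Jit tooling or code from the Jit documentation). It flags template placeholders that were never replaced and an api_token that holds a literal value instead of the ${{ jit_secrets.<name> }} reference, which would put the token in the repository. The function name lint_jira_block and the sample values are assumptions made for the example.

```python
import re

# Secret reference form shown on this page: ${{ jit_secrets.<name> }}
SECRET_REF = re.compile(r"^\$\{\{\s*jit_secrets\.[A-Za-z0-9_]+\s*\}\}$")
PLACEHOLDER = re.compile(r"`[^`]+`")  # backticked template placeholder left in place
KEY_VALUE = re.compile(r"^\s*(?:-\s*)?([^\s:#][^:]*):\s*(.*)$")
NUMERIC_KEYS = {"project_id", "issue_type_id"}  # numeric IDs, as in the page's example


def lint_jira_block(text):
    """Return (line_number, message) findings; line-oriented, not a YAML schema check."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if PLACEHOLDER.search(line):
            findings.append((number, "template placeholder not replaced"))
            continue
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key = match.group(1).strip()
        # Drop a trailing comment and surrounding quotes before checking the value.
        value = re.sub(r"\s+#.*$", "", match.group(2)).strip().strip("\"'")
        if key == "api_token" and not SECRET_REF.match(value):
            findings.append((number, "api_token must reference a Jit secret, not a literal value"))
        elif key in NUMERIC_KEYS and not value.isdigit():
            findings.append((number, f"{key} should be a numeric Jira ID"))
    return findings

# Constructed samples (not real configuration): a clean block and a broken copy.
GOOD = """\
jira:
  Engineering:
    auth:
      api_token: ${{ jit_secrets.jira_token }}
      email: champion@example.com
      domain: example
    preferences:
      project_id: 10200
      issue_type_id: 10001
"""
BAD = (GOOD.replace("${{ jit_secrets.jira_token }}", "CONSTRUCTED-LITERAL-TOKEN")
           .replace("10200", "`jira_project_id`"))

if __name__ == "__main__":
    for n, msg in lint_jira_block(BAD):
        print(f"line {n}: {msg}")
```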