Configure Jira for Assess

After testing your Jira connection, you can configure Jira to create tickets based on triggers you've set.

Before you begin

Steps

  1. After Contrast connects to Jira, select Applications to add the Contrast applications that will trigger Jira tickets for security issues. You can also trigger Jira tickets only for applications with specific importance levels in Contrast. Select Application importance and add the application levels you want to use as a filter for Jira tickets.

    JiraDefaultEpic.png
  2. Use the Project nameDefault epic, Default assignee and Default issue type fields to set custom values for Jira tickets that Contrast creates. You can also map vulnerability severity levels in Contrast to Jira priority values to help teams groom security tickets. If you want to prefill additional Jira fields, select Add Jira field. Use the dropdowns to select the fields you want to add and the default value for the field.

    Note

    Changing the Project name or Default issue type also changes the related Jira fields and values available to you. Contrast will keep any selected values that also apply to the new project or issue type.

  3. Select the option to Enable two-way integration, if you want to change vulnerability status in Contrast every time an issue closes or reopens in Jira. This generates a URL that appears below the checkbox, which your Jira administrator must use to register a webhook in Jira.

    In Contrast, use the Vulnerability status dropdowns to configure how a Jira ticket status update will also change vulnerability resolution status.

    Note

    If you choose Not a problem as a status, Contrast requires you to enter a Reason in the dropdown. The default selection in the dropdown is Other.

    After you save the two-way integration, Contrast automatically tracks any status changes on related Jira tickets. You will see these as comments in the Activity tab for the vulnerability. Each comment includes the name of the Jira integration and a link to the ticket.

    Note

    Atlassian has deprecated the ability to registerer webhooks with non-https URLs. Therefore, Contrast on-premise users need to configure HTTPS before attempting to enable Jira two-way integration.

  4. If you want a new Jira ticket made when Contrast discovers a vulnerability, select the option to Automatically create tickets for new vulnerabilities discovered. Then select which Severity levels or Rules should trigger new Jira tickets.

    If Contrast creates a single Jira ticket for multiple vulnerabilities, the ticket status applies to all vulnerabilities associated with the ticket. If Contrast creates multiple tickets for a single vulnerability, all Jira tickets must close before Contrast can close the vulnerability.

    Note

    Automation options are not retroactive and will not generate Jira tickets for past vulnerabilities.

  5. Select Save and begin using your Jira integration. To remove the integration select Delete configuration.