Integrate with Jira

Integrate Jira with Contrast to automatically generate tickets, synchronize comments and push notifications for your applications.

Prerequisites

  • Jira account credentials (username and API token for hosted, or username and password for on-premises Jira installations)

  • Permission to create issues in the target project

  • A running Jira instance accessible via HTTP to Contrast

  • A project to associate the application instrumented by Contrast

Connect

To connect Jira in Contrast:

  1. Go to Organization settings > Integrations in the user menu.

  2. Click Connect in the Jira row.

  3. In the Connect with Jira form, add the name for the bugtracker entry, the username and the API token or password for the account connected to Jira in the appropriate fields. The Jira URL must be accessible from the Contrast instance being configured.

    Note

    Contrast saves the username, API token or password, and the Jira URL entered in your configuration as a set of credentials.

  4. Once you complete the fields, click Test connection. This process may take a few moments depending on the number of your Jira projects. The test verifies that Contrast can reach the Jira instance and that the specified user is able to log in.

  5. Once connected, select the Applications for which you want to create ticket. You may also create tickets for applications with specific importance levels using the Application Importance field.

  6. Use the ProjectAssignee and Default Issue Type fields to customize the Jira tickets created as well as the Default Priority levels of tickets based on vulnerability severity levels reported in Contrast. The Additional Jira fields allow you to create custom tickets field and values, such as environments or organization-specific labels.

    Note

    If you change the Project or Issue type, required and additional fields are updated. However, Contrast keeps the selected values that apply to the new configuration.

Send multiple vulnerabilities

For multiple vulnerabilities sent to Jira in bulk as a single issue, the Jira ticket status applies to all vulnerabilities associated with that ticket. For multiple tickets tied to a single vulnerability, the vulnerability can only be closed when all the tickets are closed.

Create tickets automatically

Automatically create tickets in Jira for newly discovered vulnerabilities by checking the designated box in the configuration form. In the multiselect field that appears, choose the Rules and Severity levels of the vulnerabilities for which you want to generate tickets. The default selections are "Critical" and High."

Note

This selection does not generate tickets retroactively.