StackHawk’s official Jira Cloud integration.
The StackHawk Jira Cloud integration lets you identify and track scan findings within your Atlassian Jira Cloud workspace. The integration consists of a Jira Addon that is first installed into your Jira Cloud workspace from the Atlassian Marketplace (admin privileges required), and then connected back to a StackHawk Organization with an Integration Token to support communication with StackHawk.
This integration specifically supports Jira Cloud. StackHawk also provides a Jira Data Center integration, for use with instances of on-premises Jira Data Center software.
- HawkScan findings can send and associate scanner findings to a Jira Cloud Workspace as new or existing Jira Cloud Issue.
- You must have a StackHawk account.
- Your StackHawk Organization must belong to a plan with The Jira Integration enabled. Reach out to firstname.lastname@example.org to enable it.
- Must NOT have Jira Data Center integration installed. Only one instance of Project Management Integration is currently allowed.
You must have login permissions to the Jira workspace you wish to add the integration to.
You must have sufficient administration permissions to install add-ons to your Jira Cloud workspace.
Your Jira Cloud Project must have a defined “Bug” issue type, which is not present for all Jira Cloud Project workspaces by default. See Adding the bug issue type to your Jira project for more details.
With this integration you authorize StackHawk with the following Jira Cloud scopes:
- Read access to the connected Jira Cloud workspace
- Write access to the connected Jira Cloud workspace
The StackHawk for Jira App will first need to be installed from the Atlassian marketplace, before it can be connected to a StackHawk organization.
- Log into StackHawk and visit the Jira Cloud Integration page in StackHawk
Enable Jira. This will generate the temporary integration token.
- Click the
View In Marketplacebutton. This will open a new tab to add the StackHawk add-on from the Atlassian Marketplace.
- In the new tab, click
Installto add the app in your Jira Cloud workspace and go through installation process. Once completed, you can press
Get Startedto authorize the add-on with your Jira Cloud workspace.
Once the StackHawk add-on has been installed in Jira Cloud, a one-time integration token from StackHawk needs to be copied into Jira Cloud to connect the Jira Cloud Workspace with your StackHawk organization.
- After installing the app from the Marketplace, go to the Jira page in StackHawk.
- Copy the UUID integration token. Note: this key is time-sensitive, and will expire after one hour.
- In Jira Cloud, go to
Apps > Manage Your Apps > StackHawk for Jira > Get Started.
- Paste the integration token into the
StackHawk Integration Tokenfield.
- If successful, your Jira Cloud workspace will now be connected to your StackHawk organization, and the integration completed.
You can verify the Jira Cloud App installation at any time after configuring a integration token.
- Go to the Jira Cloud page in StackHawk.
- You should see a
Connected to: <your workspace URL>, which indicates the integration has been linked to that Jira Cloud Workspace.
With the Jira Cloud App installation verified, you can send a finding to Jira Cloud by creating a Jira Cloud Issue and associating it with a StackHawk scanner finding.
- Go to a finding detail in StackHawk
Scans > Scan Details > Findings
- Click on the checkbox for a given Path, Status, Method
- Click on
Actions > Send to Jira
- Fill out the Jira ticket details. Findings can be promoted with either a new Jira issue, or linked to an existing Jira issue.
Creating a New Issue: Select the project you want the created ticket to be associated with. The created issue will be made with the
Bug issue type. The created issue will have details about those findings. Click Create Issue, and the Jira issue will be created and associated with the scan findings.
Linking an Existing Issue: Select the issue from the query search you want associated with your Jira ticket. The linked issue will receive a comment with the details of the vulnerability findings. Click
Link Issue, and the Jira issue will be created and associated with the scan findings.
Similar to sending to Jira Cloud, you can clear the status of a finding or change it to another status by selecting the Path, Status, and Method and selecting a different action.
A Jira Cloud project has defined issue types. Jira Classic Software Projects will have the
Bug issue type defined by default, however Jira Next-Gen Software Projects and Jira Core Projects will not include this issue type by default. To send created issues to these projects, you will have to add a
Bug issue type:
- In your Jira Cloud project workspace, go to
Settings > Issues
Issue types > Add issue type
- Add a standard Issue Type named
Bug, and make sure it has “Summary”, “Description” and “Environment” description fields assigned.
The created Bug issue type will be used for Jira Issues created from the StackHawk platform for that project.
It is not uncommon for a Jira Cloud project to have custom fields on their issuetypes. This is a feature provided by Atlassian, but can affect StackHawk ticket creation. If your project’s Bug IssueType has additional custom fields, make sure they also have an acceptable default value defined:
The Jira Cloud integration can be disconnected from the authorized StackHawk organization from the Jira Cloud Integration page.
- Go to the Jira Cloud Integration page in StackHawk.
- In Jira Cloud, go to
Apps > Manage Your Apps > StackHawk for Jira
Have any suggestions, feature requests, or feedback to share? Drop us a line at email@example.com