Login Start Free Trial Login Start Free Trial
 

Atlassian Jira Cloud

jira

StackHawk’s official Jira Cloud integration.

Overview

The StackHawk Jira Cloud integration lets you identify and track scan findings within your Atlassian Jira workspace. The integration consists of a Jira Addon that is first installed from the Atlassian Marketplace (admin privileges required), and then connected back to a StackHawk Organization.

This integration works alongside the new StackHawk Security in Jira integration, and uses the same Atlassian marketplace addon. Enabling this integration also enables the Security in Jira integration.

Features

  • StackHawk can connect to a Jira Cloud Workspace, and HawkScan findings can be associated to new or existing Jira Cloud Issues from the StackHawk Platform.

Requirements

StackHawk:

  • You must have a StackHawk account.
  • Your StackHawk Organization must belong to a plan with Jira Cloud support enabled. Reach out to StackHawk Support to enable it.

Jira:

  • You must have login permissions to the Jira workspace you wish to add the integration to.
  • You must have sufficient administration permissions to install add-ons to your Jira Cloud workspace.

Scopes

With this integration you authorize StackHawk with the following Jira Cloud scopes:

  • Read access to the connected Jira Cloud workspace
  • Write access to the connected Jira Cloud workspace
  • Delete access to the connected Jira Cloud workspace

Setup

Click here to install the StackHawk for Jira Cloud add-on from the Atlassian Marketplace

The StackHawk for Jira App will first need to be installed from the Atlassian marketplace, before it can be connected to a StackHawk organization.

  1. Log into StackHawk and visit the Jira Cloud Integration page in StackHawk
  2. Click Enable Jira. This will generate the temporary integration token.
  3. Click the View In Marketplace button. This will open a new tab to add the StackHawk add-on from the Atlassian Marketplace.
  4. In the new tab, click Install to add the app in your Jira Cloud workspace and go through installation process. Once completed, you can press Get Started to authorize the add-on with your Jira Cloud workspace.

Token Authorization

Once the StackHawk add-on has been installed in Jira Cloud, a one-time integration token from StackHawk needs to be copied into Jira Cloud to connect the Jira Cloud Workspace with your StackHawk organization.

  1. After installing the app from the Marketplace, go to the Jira page in StackHawk.
  2. Copy the UUID integration token. Note: this key is time-sensitive, and will expire after one hour.
  3. In Jira Cloud, go to Apps > Manage Your Apps > StackHawk for Jira > Get Started.
  4. Paste the integration token into the StackHawk Integration Token field.
  5. If successful, your Jira Cloud workspace will now be connected to your StackHawk organization, and the integration completed.
  Integrate Stackhawk with Jira Screenshot  
  Stackhawk Integration Configuration  

Verify Installation

You can verify the Jira Cloud App installation at any time after configuring a integration token.

  1. Go to the Jira Cloud page in StackHawk.
  2. You should see a Connected to: <your workspace URL>, which indicates the integration has been linked to that Jira Cloud Workspace.

Usage

Send to Jira Cloud

With the Jira Cloud App installation verified, you can send a finding to Jira Cloud by creating a Jira Cloud Issue and associating it with a StackHawk scanner finding.

  1. Go to a finding detail in StackHawk Scans > Scan Details > Findings
  2. Click on the checkbox for a given Path, Status, Method
  3. Click on Actions > Send to Jira
  4. Fill out the Jira ticket details. Findings can be promoted with either a new Jira issue, or linked to an existing Jira issue.

Creating a JIra Issue in Stackhawk Platform Screenshot

Creating a New Issue: Select the project and issue type you want the created ticket to be associated with. The created issue will have details about those findings. Click Create Issue, and the Jira issue will be created and associated with the scan findings.

Linking a JIra Issue in Stackhawk Platform Screenshot

Linking an Existing Issue: Select the issue from the query search you want associated with your Jira ticket. The linked issue will receive a comment with the details of the vulnerability findings. Click Link Issue, and the Jira issue will be created and associated with the scan findings.

Jira Issue Created from Stackhawk Platform Screenshot

Other actions

Similar to sending to Jira Cloud, you can clear the status of a finding or change it to another status by selecting the Path, Status, and Method and selecting a different action.

Populating Additional Fields in Jira

If you want to populate additional fields in Jira, such as Components or Assignee, you can create a Jira Automation Rule to do so. That way, whenever you select “Send to Jira” in StackHawk, these additional fields will be set by the Jira Automation Rule. Creating Automation Rules may require certain permissions from your Jira Administrator.

For a simple rule that populates the same fields/values for every issue:

  1. In your Jira Project, click on Project settings > Automation
  2. Navigate to Rules, and click on the Create rule button
  3. For New trigger, select Issue created > Save
  4. For Add component, select New condition > Issue fields condition
  5. For the issue fields condition, enter Field: Creator, Condition: equals, Value: StackHawk for Jira
  6. Select New action > Edit issue and set the field(s) you want to populate.

For a more complex rule that can set different fields/values for different apps:

  1. Follow steps 1-5 above.
  2. Select New branch > Branch rule / related issues > Current issue > Save
  3. Select New condition > Issue fields condition
  4. For the issue fields condition, enter Field: Description, Condition: contains, Value: App: <app name>
  5. Select New action > Edit issue and set the field(s) you want to populate.
  6. To add additional conditions, click on the Add component link at the bottom of the tree and repeat steps 2-5 above.

Jira Automation Rules Documentation

TroubleShooting

Custom Fields on Jira Issue Types

It is not uncommon for a Jira Cloud project to have custom fields on their issuetypes. This is a feature provided by Atlassian, but can affect StackHawk ticket creation. If your project’s IssueType has additional custom fields, make sure they also have an acceptable default value defined:

Jira Custom Fields Configuration

Removing the Jira Cloud Integration

The Jira Cloud integration can be disconnected from the authorized StackHawk organization, or from the Jira Cloud Integration page.

  1. Go to the Jira Cloud Integration page in StackHawk.
  2. Click Remove Integration
  3. From your Jira Workspace, go to Apps > Manage Your Apps > StackHawk for Jira
  4. Click Uninstall

Feedback

Have any suggestions, feature requests, or feedback to share? Contact StackHawk Support .