Search

HawkScan and Jira

jira

StackHawk’s official Jira Cloud integration.

Overview

The StackHawk Jira integration lets you identify and track scanner findings within your Atlassian Jira Cloud workspace. The integration consists of a Jira App that has to be first installed into your Jira workspace to support communication with StackHawk.

Features

  • HawkScan findings can send and associate scanner findings to a Jira Workspace as a new or existing Jira Issue.

Requirements

StackHawk:

  • You must have a StackHawk account.

Jira:

  • You must have login permissions to the Jira workspace you wish to add the integration to.

  • You must have sufficient Administration permissions to install add-ons to your jira workspace.

Scopes

With this integration you authorize StackHawk with the following Jira scopes:

  • Read access to the connected Jira workspace
  • Write access to the connected Jira workspace

Setup

Click here to install the StackHawk for Jira add-on from the Atlassian Marketplace

The StackHawk for Jira app will first need to be installed from the Atlassian marketplace, before it can be connected to a StackHawk organization.

  1. Log into the StackHawk web app
  2. Visit the Jira Integration page in StackHawk
  3. Click Enable Jira
  4. Click the View In Marketplace button. This will open in a new tab in Jira Marketplace. There the
  5. In the new tab, click Install to install the app in your Jira workspace and go through installation process. Once completed, you can press Get Started to authorize the add-on with your Jira workspace.

Token Configuration

Once the StackHawk application have been installed in Jira, a one-time verification token from StackHawk needs to be manually copied into Jira to authorize the new application.

  1. After installing the app from the Marketplace, go to the Jira page in StackHawk.
  2. Copy the UUID key. Note: this key is time-sensitive, and will expire after one hour.
  3. In Jira, go to Apps > Manage Your Apps > StackHawk for Jira > Get Started.
  4. Paste the UUID key into the StackHawk Integration Token field.
   
   

Verify Installation

You can verify the Jira app installation at any time after configuring a integration token.

  1. Go to the Jira page in StackHawk.
  2. You should see a Connected to: <your workspace URL>, which indicates the integration has been linked to that Jira Workspace.

Usage

Send to Jira

With the Jira App installation verified, you can send a finding to Jira new create a Jira Issue and associated it with a StackHawk scanner finding.

  1. Go to a finding detail in StackHawk Scans > Scan Details > Findings
  2. Click on the checkbox for a given Path, Status, Method
  3. Click on Actions -> Send to Jira
  4. Fill out the Jira ticket details. Findings can be promoted with either a new Jira issue, or linked to an existing Jira issue.

Creating a new issue: Select the project you want the created ticket to be associated with. The created issue will be made with the Bug issuetype. The created issue will have details about those findings. Click Create Issue, and the Jira issue will be created and associated with the scan findings.

Linking an existing issue: Select the issue from the query search you want associated with your Jira ticket. The linked issue will receive a comment with the details of the vulnerability findings. Click Link Issue, and the Jira issue will be created and associated with the scan findings.

Other actions

Similar to sending to Jira, you can clear the status of a finding or change it to another status by selecting the Path, Status, and Method and selecting a different action.

Removing the Jira App

The Jira integration can be disconnected from the authorized StackHawk organization from the Jira Integration page.

  1. Go to the Jira Integration page in StackHawk.
  2. Click Remove Integration
  3. In Jira, go to Apps -> Manage Your Apps -> StackHawk for Jira
  4. Click Uninstall

Limitations

  • At this time, a StackHawk organization can only be one-to-one mapped to a Jira workspace.

  • Only Jira Cloud workspaces are supported; Jira Server workspaces are not yet supported.

  • Created Jira Issues will be the Bug issuetype; this is currently not configurable.

  • Clearing the status of a finding will not remove or close a created or linked Jira issue.

Feedback

Have any suggestions, feature requests, or feedback to share? drop us a line at support@stackhawk.com