JFrog Security in Jira - Atlassian Application

The JFrog Security in Jira solution integrates your JFrog Platform with your Jira Software Cloud project so that you can track and resolve unplanned security tasks and vulnerabilities more efficiently.

With this application, you can connect your JFrog Xray Watches and Policies and stream violation data directly to your designated Jira projects. You can selectively link specific resources from each Watch, so that all violations for the chosen resource are accessible through the Security tab in Jira.

If you need help with this integration, contact [email protected].

Requirements

  • You must be a user with Admin permissions to create a webhook for Xray.
  • Your organization must have an active Jira instance.
  • You must have site Admin permissions in your Jira instance.

Configuration Overview

To set up JFrog Security to work with Jira:

| Task | Description | For more information, see... |
|---|---|---|
| 1. Connect JFrog Security to Jira | Provide the JFrog URL and Admin Access Token to configure JFrog Security in Jira. | Connect JFrog Security to Jira |
| 2. Add Workspaces | Add Workspaces in Jira to connect Policies and Watches. | Step 2 Add Workspaces |

Connect JFrog Security to Jira

Connecting JFrog Security to Jira requires providing the JFrog URL and an Admin Access Token. Follow these steps to obtain both.

To obtain the Admin Access Token:

  1. Log in to the JFrog Platform.

  2. From the Administration tab, navigate to User Management > Access Tokens > Generate Token.

  3. Define the following:

    1. Ensure that Scoped token is selected.
    2. Add an optional description for your access token.
    3. Select Admin in Token Scope.
    4. In the User name field, enter your JFrog platform's user name.
    5. Select "Artifactory & Xray" as a Service.
    6. Ensure that "Never" is selected as the expiration time.
    7. Uncheck "Create Reference Token".
    8. Click Generate.
  4. Use the "Copy" button to copy your admin access token.

Obtain the JFrog URL

The JFrog URL is the domain URL of your JFrog enterprise application, such as https://example.jfrog.com.

To obtain the JFrog URL:

In Jira:

  1. Select the Security tab.
  2. Select the Xray Atlassian application, and install it.
  3. Click on Configure your security tools.
  4. You will be redirected to the JFrog Xray App.
  5. Connect the JFrog Platform to Jira by providing the JFrog URL and Admin Access Token you obtained in the previous steps.
  6. To verify the connection, navigate to the "Security" tab of your project and check that the "Configure your security tools" step is marked as completed.

Add Workspaces

Xray Policies and Watches must be configured for the JFrog Security in Jira application to automate monitoring and management of software artifacts for vulnerabilities and security violations. Check our resources page for more info.

Within JFrog Security in Jira, a Workspace is a Policy that is attached to a Watch. Each selected Workspace contains resources, which are equivalent to containers. Any violations related to these Policies will appear under the Security tab. Once the Workspaces have been added, map the containers in the project to see the related violations on the Project Page.

To add workspaces:

  1. Navigate to the "Workspaces" page in the menu.
  2. Click on "Add Workspace."
  3. In the "Add Workspaces" pop-up, select the Policies that are attached to a Watch from the list of available Watches.
  4. Click "Save" once finished selecting the desired workspaces.
  5. All selected workspaces will appear in the "Your workspaces" table.
  6. After completing the Workspaces process, go to the "Security" tab of your project and verify that the "Configure your security tools" step is marked as completed.

Map the Containers to Your Jira Project

  1. Click on "Link security containers".

  2. Under "JFrog Security in Jira", click on "+ Add security container" or "+".

  3. An "Add container" pop-up will appear.

    1. In the left dropdown, select the desired workspace.
    2. In the right dropdown, select all the resources from that workspace.
  4. Click "Add container" to add the resources to your Jira project.

  5. Perform operations on the added resources by clicking on the "..." icon linked to the resource:

    1. "Open in JFrog Xray" will open JFrog's Xray Platform, where you can view detailed information about the selected resource.
    2. "Open in Security" will take you to Jira Security, where you can review specific details about vulnerabilities associated with the selected resource.
    3. "Remove connection" will remove the resource from your current setup.
  6. In the Security tab, create a Jira ticket using "Create issue" in the Vulnerabilities table.