JIRA Integration
Connect Safeguard.sh with JIRA for automated issue tracking
Integrate Safeguard.sh with Atlassian JIRA to automatically create issues for vulnerabilities and track remediation progress.
Overview
JIRA integration enables:
- Automatic issue creation for findings
- Bidirectional status synchronization
- Custom field mapping
- Workflow automation
- Team assignment rules
Supported JIRA Versions
| Version | Support |
|---|---|
| JIRA Cloud | ✅ Full Support |
| JIRA Server 8.x+ | ✅ Full Support |
| JIRA Data Center | ✅ Full Support |
Setting Up Integration
Step 1: Create API Token (JIRA Cloud)
- Go to Atlassian Account Settings
- Click Create API token
- Enter a label (e.g., "Safeguard.sh Integration")
- Copy the token (shown only once)
Step 1: Create Personal Access Token (JIRA Server/Data Center)
- Go to your JIRA profile → Personal Access Tokens
- Click Create token
- Enter a name and expiry
- Copy the token
Step 2: Configure in Safeguard.sh
- Go to Settings → Integrations → JIRA
- Click Connect JIRA
- Enter connection details:
| Field | Description |
|---|---|
| JIRA URL | Your JIRA instance URL |
| Email / Username | Your JIRA email (Cloud) or username (Server) |
| API Token | The token you created |
- Click Test Connection
- Click Save
Step 3: Configure Project Mapping
Map Safeguard.sh organizations to JIRA projects:
- Click Configure Projects
- For each organization, select:
  - JIRA Project - Target project for issues
  - Issue Type - Bug, Task, Security, etc.
  - Default Assignee - Auto-assign issues
Automatic Issue Creation
Trigger Rules
Configure when issues are created:
| Trigger | Description |
|---|---|
| New Critical Vulnerability | Create issue for critical CVEs |
| New High Vulnerability | Create issue for high severity |
| Gate Failure | Create issue when gate fails |
| Policy Violation | Create issue for policy violations |
Issue Template
Customize the issue content:
```
Summary: [SEVERITY] CVE-XXXX-XXXXX in {component}
Description:
*Vulnerability Details*
- CVE: {cve_id}
- Severity: {severity}
- CVSS Score: {cvss_score}
- Component: {component}@{version}
- Project: {project_name}
*Description*
{vulnerability_description}
*Remediation*
{remediation_advice}
*Links*
- [View in Safeguard.sh|{safeguard_url}]
- [NVD Entry|{nvd_url}]
```
Custom Fields
Map Safeguard.sh data to JIRA custom fields:
| Safeguard Field | JIRA Field |
|---|---|
| Severity | Priority / Custom Field |
| CVE ID | Custom Field |
| Component | Labels / Custom Field |
| CVSS Score | Custom Field |
| Project | Labels |
Status Synchronization
JIRA → Safeguard.sh
When JIRA issues are updated:
| JIRA Status | Safeguard Action |
|---|---|
| Done / Resolved | Mark finding as resolved |
| Won't Fix | Create mitigation (risk acceptance) |
| Duplicate | Link to existing finding |
Safeguard.sh → JIRA
When findings are updated:
| Safeguard Action | JIRA Update |
|---|---|
| Finding resolved | Transition to Done |
| Mitigation added | Add comment with details |
| Severity changed | Update priority |
Configuring Sync
- Go to JIRA integration settings
- Click Status Mapping
- Map statuses between systems
- Enable bidirectional sync
Manual Issue Creation
Create JIRA issues manually:
From Findings Tab
- Select finding(s)
- Click Actions → Create JIRA Issue
- Review/edit issue details
- Click Create
From Vulnerability Details
- Open vulnerability details
- Click Create JIRA Issue button
- Customize as needed
- Click Create
Bulk Operations
Bulk Issue Creation
Create issues for multiple findings:
- Filter findings
- Select multiple items
- Click Bulk Actions → Create JIRA Issues
- Review and confirm
Bulk Linking
Link existing JIRA issues:
- Select findings
- Click Link JIRA Issues
- Enter JIRA issue keys
- Confirm links
Workflow Automation
JIRA Automation Rules
Create JIRA automation rules that trigger on Safeguard.sh issues:
Example: Auto-assign security issues
```
When: Issue created
If: Labels contains "safeguard-critical"
Then: Assign to Security Team
```
Example: Due date based on severity
```
When: Issue created
If: Labels contains "safeguard"
Then: Set due date based on priority
- Critical: +3 days
- High: +7 days
- Medium: +14 days
```
Safeguard.sh Automation
Configure automatic actions in Safeguard.sh:
| Condition | Action |
|---|---|
| JIRA issue closed | Rescan project |
| Issue reopened | Reopen finding |
| Comment added | Sync to finding |
Reporting
JIRA Dashboards
Create JIRA dashboards for security metrics:
- Open security issues by severity
- Issues by component
- Remediation velocity
- SLA compliance
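Added example (not Safeguard.sh or Atlassian code): computing the SLA compliance metric outside JIRA, using the windows from the due-date automation rule above (Critical +3, High +7, Medium +14 days after creation). The issue data is constructed and shaped like the `issues` array of a JIRA REST search response; it assumes JIRA priority names match the rule and that integration issues carry the `safeguard` label.

```python
from datetime import datetime, timedelta

# Windows from the due-date automation rule on this page (days after creation).
SLA_DAYS = {"Critical": 3, "High": 7, "Medium": 14}
JIRA_TS = "%Y-%m-%dT%H:%M:%S.%f%z"  # timestamp layout in JIRA REST responses

# Constructed sample, shaped like the "issues" array of a JIRA search response.
SAMPLE_ISSUES = [
    {"key": "SEC-101", "fields": {"labels": ["safeguard"], "priority": {"name": "Critical"},
     "created": "2024-05-01T09:00:00.000+0000", "resolutiondate": "2024-05-03T16:30:00.000+0000"}},
    {"key": "SEC-102", "fields": {"labels": ["safeguard"], "priority": {"name": "High"},
     "created": "2024-05-02T08:00:00.000+0000", "resolutiondate": "2024-05-12T08:00:00.000+0000"}},
    {"key": "SEC-103", "fields": {"labels": ["safeguard"], "priority": {"name": "Medium"},
     "created": "2024-05-05T12:00:00.000+0000", "resolutiondate": None}},
    {"key": "SEC-104", "fields": {"labels": ["safeguard"], "priority": {"name": "Critical"},
     "created": "2024-05-10T12:00:00.000+0000", "resolutiondate": None}},
    {"key": "SEC-105", "fields": {"labels": ["safeguard"], "priority": {"name": "Low"},
     "created": "2024-05-06T12:00:00.000+0000", "resolutiondate": None}},
    {"key": "OPS-7", "fields": {"labels": ["infra"], "priority": {"name": "High"},
     "created": "2024-04-01T00:00:00.000+0000", "resolutiondate": None}},
]

def sla_report(issues, now):
    """Classify safeguard-labelled issues as met, breached, overdue, open or no_sla."""
    report = {"met": [], "breached": [], "overdue": [], "open": [], "no_sla": []}
    for issue in issues:
        f = issue["fields"]
        if "safeguard" not in f.get("labels", []):
            continue  # not created by the integration
        days = SLA_DAYS.get((f.get("priority") or {}).get("name"))
        if days is None:
            report["no_sla"].append(issue["key"])  # priority has no window in the rule
            continue
        due = datetime.strptime(f["created"], JIRA_TS) + timedelta(days=days)
        resolved = f.get("resolutiondate")
        if resolved:
            ok = datetime.strptime(resolved, JIRA_TS) <= due
            report["met" if ok else "breached"].append(issue["key"])
        else:
            report["overdue" if now > due else "open"].append(issue["key"])
    return report

def compliance_rate(report):
    """Share of issues with a decided outcome that were resolved within SLA."""
    decided = len(report["met"]) + len(report["breached"]) + len(report["overdue"])
    return len(report["met"]) / decided if decided else 1.0
```

Pass a timezone-aware `now`, since the parsed JIRA timestamps carry a UTC offset. Issues in `no_sla` are worth reviewing: they are integration findings whose priority the due-date rule does not cover.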
JQL Queries
Use JQL to find Safeguard.sh issues:
```
# All Safeguard issues
labels = "safeguard"
# Critical security issues
labels = "safeguard-critical" AND status != Done
# Issues for specific project
labels = "safeguard" AND labels = "project-myapp"
# Overdue security issues
labels = "safeguard" AND due < now() AND status != Done
```
Troubleshooting
Connection Issues
| Issue | Solution |
|---|---|
| "Authentication failed" | Verify API token is correct |
| "Project not found" | Check project key exists |
| "Permission denied" | Verify user has create issue permission |
Sync Issues
| Issue | Solution |
|---|---|
| Status not updating | Check webhook configuration |
| Duplicate issues | Enable duplicate detection |
| Missing custom fields | Verify field mapping |
API Access
```bash
# List JIRA issues for a finding ({id} is a placeholder for the finding ID)
curl -X GET "https://api.safeguard.sh/v1/findings/{id}/jira-issues" \
  -H "Authorization: Bearer $API_KEY"
# Create JIRA issue from finding (the body is JSON, so declare its content type)
curl -X POST "https://api.safeguard.sh/v1/findings/{id}/jira-issues" \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"project_key": "SEC", "issue_type": "Bug"}'
```
Best Practices
Issue Management
- Use consistent labels for filtering
- Set appropriate priorities
- Include all relevant details
- Link related issues
Workflow
- Define clear status transitions
- Set SLAs based on severity
- Assign to appropriate teams
- Track resolution metrics
Security
- Use a dedicated service account
- Limit API token permissions
- Rotate tokens regularly
- Audit integration activity