StackHawk has recently made a few improvements to our Jira Cloud Integration.
Atlassian Jira is the premier software planning and project tracking software. The StackHawk Jira Cloud integration helps teams identify and track HawkScan findings within their Atlassian Jira workspace.
Tracking security with Project Management tools
A Jira workspace can have many projects and each project includes Issues, each created with a specific Issue Type. The most common Jira Issue Types used are "bug", "story", or "task". Previously, the StackHawk Jira integration would only create "bug" issues, and so that issue type was required in a Jira project to use the integration.
No longer! StackHawk findings can now be triaged into any Jira issue type that belongs to a project. This update means security teams tracking findings in Jira projects can use any issue type in any project they desire, even if it’s not a “bug”. This flexibility gives teams the ability to track software defects in development, instead of separating StackHawk “security” findings from normal software development workflows.
After installing the Jira integration, teams can now select a specific project and issue type pair they want to have preselected as the default when promoting a StackHawk finding into a Jira issue from the StackHawk platform.
Tracking security findings with StackHawk
StackHawk findings can be “promoted” to a ticket engine, including Jira Cloud. After scanning an application for vulnerabilities, Application Paths in the findings can be added and tracked on a Jira ticket.
Jira project management is extremely flexible, allowing teams to design process workflows and coordinate shared work.
For software development teams, maintaining a strong security posture can include a regular team review of defect tracking and tracing tools, such as StackHawk, Snyk or Sentry, and assigning and prioritizing work into tickets on Jira Cloud, or any preferred project management system.
The StackHawk for Jira Cloud integration will help any software development team build quality software with a strong security posture. How teams plan software development alongside security posture is a blog post for another time. But by regularly measuring and triaging events from security and code quality tools, and by bringing a discipline of shared quality and project organization, teams can ship secure software with confidence.
Sam Volin is a FullStack Software Engineer at StackHawk