Today we are (officially) announcing the StackHawk for Jira Integration! This integration is now available from the Atlassian marketplace and can be quickly added to an existing Jira Cloud workspace.
StackHawk + Jira: Better AppSec Workflow and Prioritization
StackHawk scans your application for application security bugs. With the Jira integration, you can create or link Jira Issues from one or more StackHawk findings. Key details about the found bug will be included on the Jira Issue, along with a link back to the particular finding within StackHawk.
The StackHawk scanner finds potential security bugs in your applications and services. At times, these will be critical issues that should be fixed right away or simple fixes from your latest commit. Other times, however, this work will need to be prioritized along with other engineering work. In this case, the Jira integration makes it simple to create a ticket with all of the relevant information. Then, when the issue is pulled into the current sprint, the developer working on it can link back to the finding details and reproduction criteria to help fix the bug.
With application security testing automated in the continuous integration pipeline, running AppSec tests on every commit or pull request, teams are assured that they have visibility into any potential security issues before the deploy to production. With bugs assigned to Jira, you will no longer break the build for issues that have been added to the backlog instead of immediately fixing. Managing security with automation is what enables dev teams of all sizes to shift left, and own their application security.
Adding StackHawk to Your Jira Workspace
The StackHawk for Jira addon can be added to any Jira workspace (admin permissions required). The addon can be easily installed from the Atlassian Marketplace into your authenticated workspace. Search for StackHawk in the Marketplace, and choose connect.
Then, enable the Jira integration within your StackHawk account by going to Integrations > Jira and generate the integration key.
Using the Jira Integration
After installed, you can assign findings to Jira. The Jira Issue creation and link will pre-populate with key details from the selected finding, but you can edit before creating the issue. After creating the Jira issue, the bug will still be found in future scans, but it will be in a managed state. This means that it will not break the build or otherwise alert you. If you want details on the prioritization status, the existing and future findings will include a link to the Jira issue.
Within Jira, you will see the details from the finding and the associated paths that the bug was found on. The Jira ticket will also include a link back to the original details of the finding in StackHawk. When a team member starts working on a fix, they can jump into StackHawk to review the Request and Response information, and automatically generate a CURL command to reproduce the issue.
Now managing your application security findings has become even easier, with tighter integration into your existing engineering tooling. With the Jira integration, not only are you able to manage security bugs with your other engineering prioritization, but you are also able to have your findings in a managed state to avoid breaking the build for something that has already been triaged.
Even More to Come
At StackHawk, our modus operandi is to give developers the tools they need to succeed. In order for developers to own their application security, they must be equipped to find and track their bugs. By integrating with Atlassian Jira, your team can now use best in class security testing to find bugs while continuing to track and prioritize in your existing tooling.
We have more planned for our Jira integration, as well as integrations with other tooling from your engineering stack. If you aren’t currently running security tests with StackHawk, sign up for a free trial today. Getting started is easy, with most customers running their first scan in less than 20 minutes.