StackHawk + Atlassian: Application Security in Your Existing Engineering Tooling

Sam Volin

Atlassian Jira is the tool of choice for project management and issue tracking by many engineering teams. With the new StackHawk Jira Addon, application security bugs found in StackHawk scans can be triaged and tracked in the same place your team prioritizes other engineering work.

StackHawk + Jira integration

Today we are (officially) announcing the StackHawk for Jira Integration! This integration is now available from the Atlassian marketplace and can be quickly added to an existing Jira Cloud workspace.

StackHawk + Jira: Better AppSec Workflow and Prioritization

StackHawk scans your application for application security bugs. With the Jira integration, you can create or link Jira Issues from one or more StackHawk findings. Key details about the found bug will be included on the Jira Issue, along with a link back to the particular finding within StackHawk.

Creating a Jira issue from a StackHawk finding.

The StackHawk scanner finds potential security bugs in your applications and services. At times, these will be critical issues that should be fixed right away or simple fixes from your latest commit. Other times, however, this work will need to be prioritized along with other engineering work. In this case, the Jira integration makes it simple to create a ticket with all of the relevant information. Then, when the issue is pulled into the current sprint, the developer working on it can link back to the finding details and reproduction criteria to help fix the bug.

With application security testing automated in the continuous integration pipeline, running AppSec tests on every commit or pull request, teams are assured that they have visibility into any potential security issues before they deploy to production. With bugs assigned to Jira, you will no longer break the build for issues that have been added to the backlog instead of being fixed immediately. Managing security with automation is what enables dev teams of all sizes to shift left and own their application security.

Adding StackHawk to Your Jira Workspace

The StackHawk for Jira addon can be added to any Jira workspace (admin permissions required). The addon can be easily installed from the Atlassian Marketplace into your authenticated workspace. Search for StackHawk in the Marketplace, and choose connect.

Adding the StackHawk app to your Jira workspace

Then, enable the Jira integration within your StackHawk account by going to Integrations > Jira and generating the integration key.

Setting up your Jira integration within StackHawk

Using the Jira Integration

Once the integration is installed, you can assign findings to Jira. The Jira Issue creation and link will pre-populate with key details from the selected finding, but you can edit them before creating the issue. After creating the Jira issue, the bug will still be found in future scans, but it will be in a managed state. This means that it will not break the build or otherwise alert you. If you want details on the prioritization status, the existing and future findings will include a link to the Jira issue.

Creating a Jira issue with the StackHawk and Jira integration

Within Jira, you will see the details from the finding and the associated paths that the bug was found on. The Jira ticket will also include a link back to the original details of the finding in StackHawk. When a team member starts working on a fix, they can jump into StackHawk to review the Request and Response information, and automatically generate a CURL command to reproduce the issue.

A Jira issue that was created from the StackHawk integration

Now managing your application security findings has become even easier, with tighter integration into your existing engineering tooling. With the Jira integration, not only are you able to manage security bugs with your other engineering prioritization, but you are also able to have your findings in a managed state to avoid breaking the build for something that has already been triaged.

Even More to Come

At StackHawk, our modus operandi is to give developers the tools they need to succeed. In order for developers to own their application security, they must be equipped to find and track their bugs. By integrating with Atlassian Jira, your team can now use best-in-class security testing to find bugs while continuing to track and prioritize in your existing tooling.

We have more planned for our Jira integration, as well as integrations with other tooling from your engineering stack. If you aren’t currently running security tests with StackHawk, sign up for a free trial today. Getting started is easy, with most customers running their first scan in less than 20 minutes.
