Hamburger Icon

Seamlessly Triaging
HawkScan Findings
from Security in Jira


Omar Alkhalili|November 27, 2023

Learn how recent improvements to the StackHawk and Jira integration have simplified vulnerability management in Security in Jira.

When integrating security practices into your team’s software development lifecycle, it can be challenging to manage the vulnerabilities discovered by various security tools and to stay on top of their remediation statuses. With the release of Atlassian’s Security in Jira, Jira Software users can easily manage the vulnerabilities found across their security tools in a consolidated dashboard. As one of the early security vendors selected to partner with Atlassian on this product, StackHawk has built an integration which sends scan findings to be tracked in Jira. StackHawk’s integration can be installed in Jira Software sites and is available in the Atlassian Marketplace.

The latest releases from the teams at StackHawk and Atlassian enables users to triage and assign StackHawk scan result findings through issue creation in Jira. Once HawkScan findings are transmitted to Jira projects with the security feature enabled, these findings can be converted into Jira issues. Issues created for vulnerabilities in the security feature will now automatically link back to findings in the StackHawk platform.

Linking Jira Issues with HawkScan Findings

In order to take advantage of this new functionality, it is necessary to install the StackHawk app in your Jira Software site and to enable the Security in Jira integration in StackHawk. It is also necessary to upgrade to the latest version (0.3.0) of the integration in order to use the issue-linking functionality. For more information on this, see the documentation on how to install, configure and upgrade the integration.

Once the integration has been configured and scan findings are being received in Jira, click the “Create issue” button next to a vulnerability in order to create a Jira issue. This will bring up a modal that allows for creating a Jira issue. Once the fields in the modal are filled out and the issue is created, the vulnerability will display the Jira issue key in the Issues column.

Triaging HawkScan Findings from Security in Jira

Once this Jira issue is created, a corresponding connection will be created on the StackHawk side. Navigate to the scan findings for the most recent scan of the application and environment associated with this vulnerability. In the finding details for the vulnerability, the finding paths will show the same issue key linked from the security feature in Jira. When clicked, the arrow next to the issue key will take you directly to the issue in Jira.

SQL Injection vulnerability finding image

Once Jira issues have been linked to finding paths, the triage status of those paths will be impacted. Those paths will move from the untriaged status of “New” to a triaged status of “Assigned,” meaning that this vulnerability has been converted into an issue or bug in Jira and is ready to be picked up by the development team.

The main benefit of this functionality is that it is no longer necessary to do any duplicate work in order to track the remediation status of vulnerabilities in both StackHawk and Jira. The remediation status of vulnerabilities is automatically tracked in both platforms by creating Jira issues. StackHawk users now have the ability to use Security in Jira in order to triage vulnerabilities through issue creation rather than having to perform triage solely on the StackHawk side.

Ready for more?

Omar Alkhalili  |  November 27, 2023

Read More

StackHawk + Atlassian: Helping You Shift Left The Right Way

StackHawk + Atlassian: Helping You Shift LeftThe Right Way

Improvements to the StackHawk Jira Cloud Integration

Improvements to the StackHawk Jira Cloud Integration

Hawk Tips & Tricks: Triaging and Fixing Findings

Hawk Tips & Tricks:Triaging and Fixing Findings