When integrating security practices into your team’s software development lifecycle, it can be challenging to manage the vulnerabilities discovered by various security tools and to stay on top of their remediation statuses. With the release of Atlassian’s Security in Jira, Jira Software users can easily manage the vulnerabilities found across their security tools in a consolidated dashboard. As one of the early security vendors selected to partner with Atlassian on this product, StackHawk has built an integration which sends scan findings to be tracked in Jira. StackHawk’s integration can be installed in Jira Software sites and is available in the Atlassian Marketplace.
The latest releases from the teams at StackHawk and Atlassian enable users to triage and assign StackHawk scan findings through issue creation in Jira. Once HawkScan findings are transmitted to Jira projects with the security feature enabled, these findings can be converted into Jira issues. Issues created for vulnerabilities in the security feature will now automatically link back to findings in the StackHawk platform.
Linking Jira Issues with HawkScan Findings
In order to take advantage of this new functionality, it is necessary to install the StackHawk app in your Jira Software site and to enable the Security in Jira integration in StackHawk. It is also necessary to upgrade to the latest version (0.3.0) of the integration in order to use the issue-linking functionality. For more information on this, see the documentation on how to install, configure and upgrade the integration.
Once the integration has been configured and scan findings are being received in Jira, click the “Create issue” button next to a vulnerability. This brings up a modal for creating a Jira issue. Once the fields in the modal are filled out and the issue is created, the vulnerability will display the Jira issue key in the Issues column.
Once this Jira issue is created, a corresponding connection will be created on the StackHawk side. Navigate to the scan findings for the most recent scan of the application and environment associated with this vulnerability. In the finding details for the vulnerability, the finding paths will show the same issue key linked from the security feature in Jira. When clicked, the arrow next to the issue key will take you directly to the issue in Jira.
Once Jira issues have been linked to finding paths, the triage status of those paths changes. They move from the untriaged status of “New” to the triaged status of “Assigned,” meaning that this vulnerability has been converted into an issue or bug in Jira and is ready to be picked up by the development team.
The main benefit of this functionality is that it is no longer necessary to do any duplicate work in order to track the remediation status of vulnerabilities in both StackHawk and Jira. The remediation status of vulnerabilities is automatically tracked in both platforms by creating Jira issues. StackHawk users now have the ability to use Security in Jira in order to triage vulnerabilities through issue creation rather than having to perform triage solely on the StackHawk side.