This article describes the step by step guide that allows you to set up a (set of) Jira integration(s) that allow native integration of your Intigriti program(s) and related Jira projects. Having such an integration setup will enable you to have submissions pushed (manually or automatically) from your intigriti programs straight to your solver group's Jira board.
This is step 2 of 2 of setting up your Jira Integration.
For an of the entire process, see Jira Integration: Overview guide
For the previous step in this process, see Connecting to a Jira instance
What it does
Once both instances are connected to one-and-other your Intigriti program administrator can start configuring the integration with the Jira project. By doing so, pushing submissions to Jira will become effortless (either a click of a button, or fully automated based on triggers in the application).
By centralising state, severity and priority mapping of vulnerabilities on the Intigriti platform, you are able to centrally manage and 'own' status, priority and severity categorisation in Intigriti. By natively integrating this, communication is friction- and effortless.
What do I need
A connection must be available between the concerning Jira instance and your Intigriti account (see Connecting to a Jira instance)
An Intigriti Program administrator to help you setup this integration
See how it works
Configure Automatic trigger
Configure Manual trigger
Step-by-step: Configuring a Jira integration
Setup the integration and issue creation triggers
To configure the integration between your Intigriti program and a Jira project, you need to perform following actions on the Intigriti platform
Open the Intigriti platform
Go to Program > Integrations > Jira and click Open configuration
Enter a Jira integration name (e.g. the name of the Jira project.). This will be the name that is visible to Intigriti program members as reference to the Jira project.
Select the Jira connection via which the project can be accessed.
Select the Jira Project you want to integrate with.
Note: In case your Jira project is not visible in the drop down, please reach out to your Intigriti company administrator and/or Jira administrator to make sure that the Intigriti integration user has project administrator permissions in Jira.
Select the Jira Issue creation trigger or event on which you want the integration to create a Jira issue in case you want to push submission details automatically to the selected Jira Project.
Note: Be aware that the Create Jira Issue-option will be available on the submission details page by default when the submission is still to be pushed to your Jira Project. This option allows you to push the submission to Jira at any point in time. The integration will at all times prevent creation of duplicates in your Jira system (e.g. when combining a manual push with a later automatic push).
After defining where and when Jira Issues should be created, you must indicate which submission information needs to pushed to Jira and later on kept in sync.
Following items need your attention while doing so:
Choose issue type and labels to add
Select the Jira Issue type that must be used when this integration creates issues in Jira.
You can specify up to 10 Jira labels that will be added to each of the Jira issues created by this integration.
Map priority, status and closed reason
Except of the submission title which is mapped to the Jira Issue summary by default, you can optionally map values of following submission properties to values of issue properties:
Submission severity - Issue priority
Submission status - Issue status
Submission closed reason - Issue resolution
Note: If you would choose not to configure a mapping for these items, or the mapping in this integration appears to be invalid, no action will be taken to set these values by Intigriti (so Jira default values will remain).
Add issue description
Indicate if submission information needs to be included in the details field of your Jira Issues. A default submission template will be added to the issue description, containing following information:
Submission references: code, URL, internal ref, internal link
Submission information: status & creation date
Researcher information: username & IP address
Report content: severity, domain, endpoint, type, PoC, impact, solution, Q&A, attachments
Following information is excluded: submission tags, groups, assignee and payouts.
Add issue comments
Indicate if submission messages and attachments need to be pushed to Jira. You can select out of the following message types:
Messages posted by researchers
Messages posted by Intigriti triage
Messages posted by company users
Submission event messages
Activate the Jira integration
After configuring your integration, all you have to do is to activate it:
Click activate in the right upper corner of the page.
Indicate whether you want to automatically delete the test issue that will be pushed to your Jira Project upon activation. Or you rather delete it yourself.
Confirm you want to activate the integration.
If the creation of the test issue fails, this means your configuration is probably not compatible. Best thing to do at that point is to team up with your Intigriti and/or Jira company administrator to get this reviewed and corrected.
Setting up multiple Jira integrations for one program
Depending on your organisations structure is might be beneficial to setup multiple integrations for one program. This allows you to share submission details from one program with (a combination of) multiple teams within your organisation e.g. operations team, security team, ...
Intigriti fully supports this. In fact, you can simply repeat the process above as many times as needed to make this happen.
Note: We do not yet support conditional routing of Jira issues to specific Jira Projects ex. based on submission domain, severity,.. In case you want to integrate one Intigriti program with several Jira Projects and only want to push a subset of the submission to each Jira project, we advice you to use the manual creation option.