Atlassian JIRA

Overview

AttackForge allows users to self-export vulnerabilities from AttackForge into their JIRA Cloud or Server tenant. This helps to get issues to developers faster, using a native platform which is already integrated into the enterprise ecosystem.
To self-export vulnerabilities into Atlassian JIRA, click on the Export button on your project dashboard. Then click on JIRA.
Enter the following details:
  • Host - this should be your JIRA Cloud/Server tenant e.g. COMPANY.atlassian.net
  • Username - this should be for a user which has permissions to create issues on a JIRA project.
  • API Key - this is the user's API Key used for Basic Authentication. It is not an OAuth token. You can retrieve this from https://id.atlassian.com/manage-profile/security/api-tokens
  • Project Key - this is the key for your project. It typically appears as UPPERCASE LETTERS.
  • Issue Type - you can raise the vulnerability as a Bug, Story or Task
Once you have added the information, select the vulnerabilities you wish to export and click on Export Vulnerabilities.
You can also perform a bi-directional sync with JIRA after you have exported a vulnerability to JIRA. The sync will perform the following functions:
  • During SYNC process the following occurs for each selected vulnerability:
    • Get stored data for the vulnerability in AttackForge
    • Call JIRA Get issue endpoint using ISSUE-KEY
    • Call JIRA Get comments endpoint using ISSUE-KEY
    • Perform check to confirm which source has latest data (either AttackForge or JIRA)
    • If JIRA has latest data – update record in AttackForge
      • If JIRA ticket status is marked as ‘Done’ – record in AttackForge will be marked as ‘Ready for Retest’ (to avoid closing issues in AttackForge before retesting can occur)
    • If AttackForge has latest data – update record in JIRA
      • Using JIRA Get transitions endpoint + JIRA Transition issue endpoint
        • Update ticket status if any changes e.g. To Do, Done, Complete, Finished etc.
      • Using JIRA Edit issue endpoint, update following fields:
        • Name
        • Summary
        • Description
        • Priority
        • Labels
    • Sync comments from JIRA to AF
    • Sync comments from AF to JIRA - Using JIRA Add comment endpoint
    • Sync Evidence/Screenshots - if deleted in AttackForge, will also be deleted in JIRA

Troubleshooting

If you are seeing following error codes, here's what you can do:

JIRA Tenant 'HOSTNAME' Not Found

Check your HOST field - the format should be COMPANY.atlassian.net

Site Temporarily Unavailable.

Check your HOST field - the format should be COMPANY.atlassian.net. Ensure COMPANY exists.

Credentials Invalid. Please Use API Key. Passwords Are Deprecated.

Check your username & API Key. Your API Key can be retrieved from https://id.atlassian.com/manage-profile/security/api-tokens

Project Key Invalid. Check Project Key.

Make sure your project key is valid & you have permissions to the project. The project key appears as UPPERCASE LETTERS
Last modified 3mo ago