Atlassian JIRA


AttackForge allows users to self-export vulnerabilities from AttackForge into their JIRA Cloud or Server tenant. This helps to get issues to developers faster, using a native platform which is already integrated into the enterprise ecosystem.

To self-export vulnerabilities into Atlassian JIRA, select the vulnerabilities then click on Export/Sync in the actions menu.

Enter the following details:

  • Host - this should be your JIRA Cloud/Server tenant e.g.

  • Username - this should be for a user which has permissions to create issues on a JIRA project.

  • API Key - this is the user's API Key used for Basic Authentication. It is not an OAuth token. You can retrieve this from

  • Project Key - this is the key for your project. It typically appears as UPPERCASE LETTERS.

  • Issue Type - you can raise the vulnerability as a Bug, Story or Task

  • Custom Issue Type - you can export your vulnerabilities to your JIRA project using a custom issue type (i.e. not Bug, Story or Task).

  • Custom Priority (Critical / High / Medium / Low / Info) - you can export your vulnerabilities to your JIRA project using a custom mapping for issue rating. For example, default mapping in JIRA for Critical is Highest. However, your project may be configured to use another value which is not Highest. Here you can enter that value to map the vulnerabilities accordingly.

Once you have added the information, click on Export.

You can also perform a bi-directional sync with JIRA after you have exported a vulnerability to JIRA. The sync will perform the following functions:

  • During SYNC process the following occurs for each selected vulnerability:

    • Perform check to confirm which source has latest data (either AttackForge or JIRA)

    • If JIRA has latest data – update record in AttackForge

      • If JIRA ticket status is marked as ‘Done’ – record in AttackForge will be marked as ‘Ready for Retest’ (to avoid closing issues in AttackForge before retesting can occur)

    • If AttackForge has latest data – update record in JIRA

    • Sync comments from JIRA to AF

    • Sync comments from AF to JIRA

    • Sync Evidence/Screenshots


If you are seeing following error codes, here's what you can do:

JIRA Tenant 'HOSTNAME' Not Found

Check your HOST field - the format should be

Site Temporarily Unavailable.

Check your HOST field - the format should be Ensure COMPANY exists.

Credentials Invalid. Please Use API Key. Passwords Are Deprecated.

Check your username & API Key. Your API Key can be retrieved from

Project Key Invalid. Check Project Key.

Make sure your project key is valid & you have permissions to the project. The project key appears as UPPERCASE LETTERS

Custom Integrations

Custom integrations, including real-time fully-automated bi-directional integrations, can be performed using AttackForge's Events API and out-of-the-box middleware. For more details, please speak with your AttackForge account manager.

Last updated

Check YouTube for more tutorials: