Integrating Netsparker Enterprise with Jira

JIRA is an issue tracking software application with agile project management and bug tracking features. JIRA allows you to order and prioritize issues and bugs, as well as add issue types, fields and workflows as the project develops. JIRA shares customer support tickets with other issue tracking systems.

This topic explains how to configure Netsparker Enterprise to send a detected issue to JIRA.

Netsparker Enterprise has out-of-the-box support for resolving and reactivating Jira issues according to the scan results, in addition to automatic issue creation. Netsparker Enterprise uses the user-provided resolved and reopened statuses in Jira for this purpose.

To enhance issue synchronization support, Netsparker Enterprise also offers webhook support. This enables you to detect any status changes to Jira issues opened by Netsparker Enterprise.

  • Netsparker Enterprise generates a Webhook URL after you save your integration settings. When you register this link as a webhook in your Jira Project, and enter your preferred resolved and reopen statuses, you will complete Netsparker Enterprise issue synchronization for your integration.
  • When you change your Jira issue’s status to your preferred resolved status, the issue is automatically marked as Fixed (Unconfirmed) in Netsparker Enterprise and a retest scan is started. And, when you change your Jira issue’s status to your preferred reopened status, your corresponding Netsparker Enterprise issue is automatically marked as revived.

Jira Fields

This table lists and explains the Jira fields in the New Jira Integration page.

| Button/Section/Field | Description |
| --- | --- |
| Name | This is the name of the integration that will be shown elsewhere in Netsparker Enterprise. |
| Mandatory | This section contains fields that must be completed. |
| URL | This is the Jira instance URL. |
| Username or Email | This is the username if self-hosted. This is the username or email address if hosted by Atlassian. |
| Access Token or Password | This is the personalized access (API) token of the user or the password. The API token can be retrieved from https://id.atlassian.com/manage/api-tokens. |
| Project Key | This is the project key that is used to prefix the ids of issues for the specific project. The 'Key' value is in the Settings>Projects table in JIRA. |
| Issue Type | This is the name of the issue type. The options are: Bug, Task and Story. |
| Title Format | This is the string format that is used to create the issue title. |
| Optional | This section contains optional fields. |
| Assigned To | This is the user to whom the issue is assigned by default. |
| Reporter | This is the user who reports issues. You need to allow this feature in your JIRA project, otherwise you’ll encounter an error (see Manage User Mappings). |
| Priority | This is the priority of the bug. |
| Reopen Status | This is the status of the reopened issues/tickets. |
| Resolved Status | This is the status name of the resolved issues/tickets. |
| Security Level | The issue security level name. |
| Labels | These are the issue labels. |
| Due Days | This is the number of days from the date the issue was created to the date it is due. |
| Custom Fields | This section contains Custom Fields. |
| New Custom Field | Click to create a new custom field. |
| Name | Enter a name for the new custom field. |
| Value | Enter a value for the new custom field. |
| Create Sample Issue | Once all relevant fields have been configured, click to create a sample issue. |

Using the Reporter Field

To use the Reporter field in Netsparker, first follow the steps below:

  1. First you need to define a new user mapping, so that JIRA has something to select from the Reporter dropdown (see Configuring User Mappings).
  2. Next, you must enable this feature in your JIRA project, otherwise you’ll encounter an error.

How to Integrate Netsparker Enterprise with Jira

  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Integrations then New Integration.
  3. From the Issue Tracking Systems section, click Jira. The New Jira Integration window is displayed.
  4. In the Name field, enter a name for the integration.
  5. In the Mandatory section, complete the connection details:
    • URL
    • Username or Email
    • Access (API) Token or Password
    • Project Key
    • Issue Type
    • Title Format (This is a string format that is used to create the issue title)
  6. Click Create Sample Issue to confirm that Netsparker Enterprise can connect to the configured system. A confirmation message is displayed to confirm that the sample issue has been successfully created.
  7. In the confirmation message, click the Issue number link to open the issue in your default browser.
  8. If the Jira integration is not configured correctly, Netsparker Enterprise will route descriptive error messages to you. Sample error messages may be displayed in these cases:
    • If the URL was entered incorrectly
    • If the Access Token or Password was entered incorrectly

How to Export Reported Issues to Projects in Jira

There are several ways to send issues to Jira with Netsparker Enterprise:

  • Once notifications have been configured, you can configure Netsparker Enterprise to automatically send issues after scanning has been completed.
  • You can send one or more issues from the Issues window:
    • You must have Manage Issue permission.
    • From the main menu, select Issues, then All Issues. The Issues page is displayed.
    • Select one or more issues you want to send.
    • Click Send To, then Jira.

    • A popup is displayed, with a link to the issue you have sent to Jira. If there is an error, this information will be displayed instead.

  • You can send an issue from the Recent Scans window:
    • From the main menu, click Scans then Recent Scans.
    • Next to the relevant scan, click Report. The report is displayed.
    • Scroll down to the Technical Report section.
    • From the list of detected issues, click to select an issue and display its details.
    • Click Send To, then Jira.
    • If you have already previously submitted this vulnerability to Jira, it will already be accessible. You cannot submit the same issue twice.
  • You can view the issues you have sent to Jira in the Open issues window.

How to Register a Netsparker Enterprise Jira Integration Webhook

  1. From the main menu, click Integrations, then Manage Integrations. The Integrations window is displayed.
  2. Next to the relevant Jira integration, click Edit. The Update Jira Integration window is displayed.
  3. In the Webhook URL field, click Copy to clipboard.
  4. Open Jira.
  5. From the main menu, click Settings, then System, then Webhooks. The Webhooks window is displayed.
  6. Click Create a WebHook.
  7. In the URL field, paste in the Webhook URL (from step 3). In the Issue related events field, select the updated checkbox in the Issue column.
  8. In the Jira Software related events field, enable the Exclude body option on Jira Webhook settings to prevent unnecessary data transfer. If data transfer is turned on, it may interfere with transfer limits and disrupt synchronization. (If you are going to make this change, it is essential to update the integration address.)
  9. Click Create, then Save.
  10. In Jira, navigate to the Open Issues window, then click the issue. From the Status dropdown, select DONE.
  11. The Webhook is triggered, and Netsparker Enterprise initiates a new Retest process.
  12. In Netsparker, from the main menu, click Scans, then Waiting For Retest. The Issues window is displayed, showing the issues waiting to be rescanned. The scanning process will begin soon, depending on the availability of the scanning agents.
  13. If the issue is found again, the status will be updated to 'Reopen Status' instead of 'To Do' or 'In Progress'.

How to Add Custom Fields

For information on creating a new custom field in JIRA, first read Adding a custom field.

For the purposes of this example, we have selected Text Field. For other field types, see How to Add Complex Custom Fields.

  1. Open your project in Jira.
  2. From the gears icon dropdown, select Issues.
  3. Select Fields, then Custom Fields.
  4. Select Add Custom Field. The Select a Field Type dialog is displayed.
  5. Select Text Field (multi-line) or Text Field (single line).
  6. Click Next. The 'Configure text field (single line)' Field step is displayed.
  7. In the Name field, enter a name. Click Create.
  8. In the Associate field MyCustomField to screens field, select the screens on which you want to display the custom field.
  9. Before clicking Update, check the URL for the fieldId.
  10. Copy the value of the fieldId parameter in the URL (in this example, it is 'customfield_100XX').
  11. In Netsparker, navigate to the New JIRA Integration or Update JIRA Integration window. Configure your JIRA integration. Then paste the fieldId value (e.g. 'customfield_100XX') you copied from JIRA into the Name field in the Custom Fields section.
  12. Click Create Sample Issue to confirm that Netsparker Enterprise can connect to the configured system. An issue is displayed like this, under MYCUSTOMFIELD, to confirm that the sample issue has been successfully created.

How to Add Complex Custom Fields

For information on creating a new custom field in JIRA, first read Adding a custom field.


For the purposes of this example, we have selected Date Picker, but the steps are the same for other field types.

  1. Open your project in Jira.
  2. At the Select a field type step, select Date Picker as your complex custom field.
  3. Click Next.
  4. In the Custom fields section, enter the custom field's name into the Search box, to find the newly created complex custom field. Search results are displayed.
  5. Click the ellipsis to display the context menu, and click Screens.
  6. From the Issues list, select the screens on which you want to display the field.
  7. Check the current URL for the fieldId.
  8. Copy the value of the fieldId parameter in the URL (in this example, 'customfield_10031').
  9. This value will be used later in the Custom Fields' Name field.
  10. To get the Date Picker and other types values, see Setting custom field data for other field types.
  11. In Netsparker, in the New JIRA Integration or Update JIRA Integration window, scroll down to the Custom Fields section and complete the following fields (examples shown):
    • Name: 'customfield_10031'
    • Value: '2011-10-03'
    • Complex: Checked
  12. Click Create Sample Issue to confirm that Netsparker Enterprise can connect to the configured system. A confirmation message is displayed to confirm that the sample issue has been successfully created.
  13. In the confirmation message, click the Issue number link to open the issue in your default browser.
  14. If the Jira integration is not configured correctly, Netsparker Enterprise will correctly route descriptive error messages to you.
  15. In Jira, in the Netsparker Enterprise [Test Issue] window, you’ll see the DATEPICKER TEST value.
  16. Enable the Complex field checkbox.

Otherwise you’ll encounter the following error.
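
The fieldId lookup used in both custom field procedures above can be checked before anything is pasted into Netsparker Enterprise. The following is an added example, not Netsparker or Atlassian code: it extracts fieldId from a Jira admin URL and looks it up in the output of Jira's GET /rest/api/2/field to decide whether the Complex checkbox applies. It assumes, following this page, that only the two Text Field types are simple; the sample URL, field list, ID customfield_10030 and function names are constructed.

```python
import json
import re
from urllib.parse import urlparse, parse_qs

# Jira type keys for the two Text Field types this page treats as simple.
TEXT_TYPES = {
    "com.atlassian.jira.plugin.system.customfieldtypes:textfield",
    "com.atlassian.jira.plugin.system.customfieldtypes:textarea",
}
FIELD_ID_RE = re.compile(r"customfield_\d+")

# Constructed sample: trimmed body of GET <jira-url>/rest/api/2/field.
SAMPLE_FIELDS = json.loads("""[
  {"id": "summary", "name": "Summary", "custom": false,
   "schema": {"type": "string", "system": "summary"}},
  {"id": "customfield_10030", "name": "MyCustomField", "custom": true,
   "schema": {"type": "string",
              "custom": "com.atlassian.jira.plugin.system.customfieldtypes:textfield"}},
  {"id": "customfield_10031", "name": "DatePicker Test", "custom": true,
   "schema": {"type": "date",
              "custom": "com.atlassian.jira.plugin.system.customfieldtypes:datepicker"}}
]""")


def field_id_from_url(url):
    """Return the fieldId query parameter; raise if absent, repeated or malformed."""
    values = parse_qs(urlparse(url).query).get("fieldId", [])
    if len(values) != 1 or not FIELD_ID_RE.fullmatch(values[0]):
        raise ValueError("no single well-formed fieldId parameter in URL")
    return values[0]


def plan_custom_field(url, fields):
    """Map a Jira admin URL to the Name and Complex settings of the integration."""
    field_id = field_id_from_url(url)
    by_id = {f["id"]: f for f in fields}
    if field_id not in by_id:
        raise LookupError(f"{field_id} is not defined on this Jira instance")
    schema = by_id[field_id].get("schema", {})
    return {
        "Name": field_id,  # value for the Name box in the Custom Fields section
        "Complex": schema.get("custom") not in TEXT_TYPES,  # assumption, see lead-in
        "jira_type": schema.get("type"),
    }


if __name__ == "__main__":
    # Constructed URL: host and path are placeholders, only fieldId matters.
    url = "https://jira.example.com/secure/admin/screens?fieldId=customfield_10031"
    print(plan_custom_field(url, SAMPLE_FIELDS))
```

A LookupError here means the ID copied from the URL does not exist on the instance the integration points at, which is worth ruling out before clicking Create Sample Issue.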
