Article
5 min read
Set up Jira integration with RiskHorizon
Integrate RiskHorizon with Jira and automatically create Jira tickets in specific projects when configured policies are violated. This integration automates the process of generating Jira tickets within your organization’s existing security workflow. This integration is supported on Jira Cloud.
To integrate RiskHorizon with Jira:
- Generate Jira API token
- Configure Jira Integration on RiskHorizon
- Manage RiskHorizon Jira notifications
- Associate an action policy with a Jira notification
- View Jira ticket details
Generate Jira API Token
Generate Jira API credentials that you want to use to sign in to RiskHorizon.
Note: It is recommended that the Jira account used for this integration includes only the following set of minimum required permissions.
- Create Issues
- Transition Issues
- Assign Issues
- Resolve Issues
- Add Comments
- Sign into your JIRA account.
- Navigate to your Jira profile.
- Under API Tokens, click Create API Token .
- Enter a concise label to distinguish your token and click Create.
- Click Copy to clipboard, and have the token handy to enter in the RiskHorizon application.
Note: The token cannot be viewed after closing the form. Copy it to a secure location and have it handy. Do not share the token.
Configure Jira Integration on RiskHorizon
Set up Jira integration on the RiskHorizon application.
1.Sign in to RiskHorizon.
2.From the sidebar, navigate to Integrations.
3.Under Notifications, click Manage for Jira.
4.Click Add Notification Integrations.
5.Enter a name and description for the integration.
6.Enter a Jira user name. The user account is displayed as the reporter for all the tasks or bugs created in Jira for this notification.
Note: It is recommended to create a new user account for receiving Jira notifications from RiskHorizon.
7.In API Key , enter the API token that you generated from Jira.
8.In JIRA URL , enter the HTTPs endpoint of your Jira instance.
9.In Project Key , enter the project key in which you want to create the Jira notifications. The project key is the prefix of the bug or task ID. For example, if the project key is ABC, the task or bug is created with ID in the format ABC-xxx.
10.Select the Issue Type as a Task or a Bug.
11.In Labels, enter a label and associate it with your Jira notifications.
12.Click Add Notification Integration.
Manage RiskHorizon Jira notifications
You can view and manage the RiskHorizon Jira notifications created for a project.
- From the sidebar, navigate to Integrations.
- Under Notifications, click Manage for Jira.
- To edit a notification, click the vertical ellipsis and choose Edit Notification Integration.
- To delete a notification, click the vertical ellipsis dots and choose Delete Notification Integration.
Associate an action policy with a Jira notification
While creating an action policy, configure the following settings:
Users can create action policies to execute a recommended action when a policy is violated. For example, if there is a license compliance violation, you can create a JIRA ticket and notify the required personnel.
- Select Choose an Action as Send Notification.
- From Select Notification Targets, choose the Jira integration notification that you created.
- Choose an Aggregation type for Jira notifications. Choose Project to trigger a single notification for all findings, or choose Dependency to trigger multiple notifications for every dependency.
A parent ticket is created with the selected issue type, either Task or Bug. The parent ticket includes the project name. Each identified dependency is grouped under a dedicated sub-ticket. The sub-ticket includes both the project name and dependency name. Findings without any dependency are grouped in a separate sub-ticket. During future scans, the existing sub-ticket status is updated or resolved. If a new dependency is found, a new sub-ticket is created.
SeeCreate an action policyfor more details.
SeeCreate an action policyfor more details.
View Jira ticket details
Users can view the created JIRA ticket details on the RiskHorizon application. Users have the ability to observe specific information such as the status of tickets (whether they are open or closed), the associated action policy, the number of violations, and other important details. This aids in seamless troubleshooting and identification of both unresolved and resolved issues.
- From the RiskHorizon application, navigate to Manage and click Notifications.
- Navigate across the Open, Resolved, or All tabs to view the issues listed under them.
- You can view specific details such as created date of the ticket, the name of the policy, the name of the project, the number of violations, and any labels associated with the projects.
- Choose a notification and click the vertical three dots on the far right side and choose:
- Dismiss Notification: Clear this notification if it is no longer valid. It will be marked in grey.
- Show Details: View the Jira ticket number and you can also navigate to Jira.
- Go to Policy: View configuration details of the policy that created this Jira ticket.
Blog
