
Jira Integration

Overview

Arnica’s Jira integration allows customers to easily create issues manually and automatically by utilizing the Secrets and Code Risk policies.
Arnica provides a customizable unidirectional connection to Jira. The reason for providing a single-direction connection is that Arnica maintains the source of truth for the resolution of vulnerabilities through the entire development lifecycle, from the moment the fix was introduced into a feature branch until it is merged into your production branch.

Ensure service account continuity

Create a dedicated application user

Arnica's Jira integration uses OAuth2 to authenticate with a dedicated application user. To prevent the integration from being revoked when the impersonated user departs, it is highly recommended to create a standard application user and integrate with it.
The created user will be visible to all developers as part of Arnica's interactions, such as the reporter of each issue. Hence, it is recommended to give the service account a descriptive name, such as arnica-jira-service-account.

Prerequisites

Grant permissions to application user

Ensure that the application user has the privileges to view all issues, issue types, projects, users and workflows.
Additionally, ensure that this user is authorized to create and update Jira issues.
If an integration is required with multiple workspaces, ensure the user has a similar level of access across all workspaces.
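
One way to check these prerequisites before authorizing the integration, as an added example that is not part of Arnica's documentation or code: it audits the JSON returned by Jira Cloud's `GET /rest/api/3/mypermissions` endpoint for the application user in each workspace. The mapping of the listed privileges to Jira permission keys, the workspace names and the sample responses are assumptions constructed for illustration.

```python
import json

# Assumption: these Jira permission keys approximate the access listed above
# (view issues/projects/users/workflows, create and update issues). Adjust as needed.
REQUIRED = {"BROWSE_PROJECTS", "VIEW_READONLY_WORKFLOW", "USER_PICKER",
            "CREATE_ISSUES", "EDIT_ISSUES"}


def granted(mypermissions: dict) -> set:
    """Return the keys marked havePermission=true in one mypermissions response."""
    perms = mypermissions.get("permissions", {})
    return {key for key, entry in perms.items() if entry.get("havePermission") is True}


def audit(responses: dict) -> dict:
    """Compare each workspace's grants against REQUIRED and against each other.

    responses maps a workspace name to the parsed JSON returned by
    GET /rest/api/3/mypermissions?permissions=<comma-separated keys>,
    called with the application user's credentials.
    """
    per_workspace = {}
    for name, body in responses.items():
        have = granted(body) & REQUIRED
        per_workspace[name] = {"granted": sorted(have),
                               "missing": sorted(REQUIRED - have)}
    distinct = {tuple(r["granted"]) for r in per_workspace.values()}
    return {"workspaces": per_workspace,
            "consistent": len(distinct) <= 1,  # same access level everywhere
            "ready": all(not r["missing"] for r in per_workspace.values())}


def constructed_response(denied=()):
    """Build a sample response body (constructed data, not real Jira output)."""
    return {"permissions": {k: {"key": k, "havePermission": k not in denied}
                            for k in REQUIRED}}


# Constructed sample: two hypothetical workspaces with uneven access.
SAMPLE = {
    "workspace-a": constructed_response(),
    "workspace-b": constructed_response(denied=("EDIT_ISSUES", "VIEW_READONLY_WORKFLOW")),
}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```
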

Installation process

Integrate

  1. Navigate to the Integrations page in Arnica and click on Jira.
  2. Authorize the application for each workspace.
  3. Click on Approve. You will see the workspaces in the integrations page.

Map issues in policies

Issue creation is available from the details of each finding in Secrets and Code Risks. You will see the Jira icon at the top right of each finding.
To avoid mapping each issue manually when it is created, Arnica requires setting up a policy in Secrets or Code Risks that maps the relevant workspace, project, issue type and custom fields, and that determines which statuses count as open vs. closed.
The mapping of the open and closed statuses is important because it allows Arnica to close the issue when it is resolved.

Map manual issue creation

  1. Navigate to the Policies page and expand the relevant section.
  2. Add a rule with the trigger User Created Issue and relevant conditions.
  3. Add the action Create Issue and fill in the relevant field mapping in Jira.
     Figure: Policy configuration for manual issue creation
     Arnica's field mapping supports string, integer or custom list typed fields. The values can be dynamic based on the finding or static strings.
  4. Click on Save and navigate to the relevant finding.
  5. Open the finding and click on the Jira icon on the top right pane.
  6. When the issue is created successfully, the link to the Jira issue will appear in the history of the finding and in the issue column.
     Figure: Links to Jira issues in the risks view

Map automated issue creation

The Jira issue creation action can run with any trigger and condition. This powerful automation can route any issue creation and resolution at any stage of the development lifecycle.
  1. Navigate to the Policies page and expand the relevant section.
  2. Add a rule with the trigger (e.g. Code risk detected on PR) and relevant conditions (e.g. severity is High or above).
  3. Add the relevant actions (e.g. Comment on PR and Fail Status Check), alongside the Create Issue action. Fill in the relevant field mapping in Jira.
     Figure: Automated issue creation on PR
     Arnica's field mapping supports string, integer or custom list typed fields. The values can be dynamic based on the finding or static strings.
  4. Click on Save and navigate to the relevant finding.
  5. The next time this rule matches, the action will be taken.