Arnica Documentation
  • Introduction
  • Getting Started
    • 🔑Sign Up
    • ▶️SCM Integrations
      • Azure DevOps
      • Bitbucket Cloud
      • Bitbucket Server & Datacenter
      • Github
        • GitHub Audit Logs
        • Github App Permissions
      • Gitlab
    • 📤ChatOps
      • Microsoft Teams
      • Slack
        • Adding Arnica to a New Channel
        • Interacting With the Arnica Slackbot
    • 🎫Ticket Management
      • 🐛Jira Integration
      • 📋ADO Boards Integration
    • 🧠Artificial Intelligence
      • Azure OpenAI
      • OpenAI ChatGPT
    • 🏨On Premise Integrations
  • Inventory
    • 💼Identities, Repositories & Organizations
    • 📇Software Bill of Materials (SBOM)
    • 🦄Prioritization & Product Ownership
  • Hardcoded Secrets
    • 🕵️Secret Detection
    • ⏪Realtime Secret Mitigation
    • 🥕Secrets Policy Settings
  • Code Risks
    • 🎼Static Application Security Testing (SAST)
      • Custom SAST Rules
    • 🧩Software Composition Analysis (SCA)
    • 🔡3rd Party Package Licenses
      • Override License Classifications
    • 🤹3rd Party Package Reputation
      • Identifying Low Rep Packages
      • How to Find Alternative Packages
    • ⛅Infrastructure as Code Security (IaC)
    • 🤖Code Risk Policy Settings
      • Developer Feedback On Push
      • Require Review Before Dismissal
      • 0 New High Severity Vulnerabilities
      • Enforce Remediation SLA
    • 🪄Code Risk Magic Links
    • 📦Code Risk Language and Framework Support
  • Platform Operations
    • 🚪Joining an Existing Org
    • ❌Deleting a Tenant
    • 🫂How do I invite members to my tenant?
      • New User Invitations
    • 👥Users & Roles
    • 🔇Deleting Integrations
    • ⌛Scheduled Jobs
      • How often do Jobs run?
    • 💸Billing
  • Security
    • 🎮Role Based Access Control (RBAC)
    • 🛡️Data Handling
    • 🏛️SSO Integration
      • Okta Integration
      • Entra ID Integration
Powered by GitBook
On this page
  • Overview
  • Ensure service account continuity
  • Create a dedicated application user
  • Prerequisites
  • Grant permissions to application user
  • Installation process
  • Integrate
  • Map issues in policies

Was this helpful?

  1. Getting Started
  2. Ticket Management

Jira Integration

PreviousTicket ManagementNextADO Boards Integration

Last updated 6 months ago

Was this helpful?

Overview

Arnica’s Jira integration allows customers to easily create issues manually and automatically by utilizing the and policies.

Arnica provides a customizable unidirectional connection to Jira. The reason for providing a single-direction connection is that Arnica maintains the source of truth for the resolution of vulnerabilities through the entire development lifecycle, from the moment the fix was introduced into a feature branch until it is merged into your production branch.

Ensure service account continuity

Create a dedicated application user

Arnica's Jira integration leverages OAuth2 to authenticate with a dedicated application user. To avoid the revocation of this functionality upon the impersonated user's departure, it is highly recommended to create and integrate using a standard application user.

The created user will be visible to all developers as part of Arnica's interactions, such as the reporter of each issue. Hence, it is recommended to name the service account properly, such as arnica-jira-service-account

Prerequisites

Grant permissions to application user

Ensure that the application user has the privileges to view all issues, issue types, projects, users and workflows

Additionally, ensure that this user is authorized to create and update Jira issues.

If an integration is required with multiple workspaces, ensure the user has similar level of access across all workspaces.

Installation process

Integrate

  2. Authorize the application for each workspace

  1. Click on Approve . You will see the workspaces in the integrations page.

Map issues in policies

Issues creation is available from each finding details in Secrets and Code Risks. You will see the Jira icon at the top right of each finding, as in the image below.

In order to avoid mapping each issue manually when it is created, Arnica requires to setup a policy in Secrets or Code Risks with the mapping of the relevant workspace, project, issue type, custom fields, as well as the determination of open vs. closed statuses.

The mapping of the open and closed status is important to allow Arnica close the issue when it is resolved.

Map manual issue creation

Arnica's field mapping supports string, integer or custom list typed fields . The values can be dynamic based on the finding or static strings.

  1. Click on Save and navigate to the relevant finding.

  2. Open the finding and click on the Jira icon on the top right pane.

  1. When the issue created successfully, the link to the Jira issue will appear in the history of the finding and in the column issue

Map automated issue creation

Arnica's field mapping supports string, integer or custom list typed fields. The values can be dynamic based on the finding or static strings.

  1. Click on Save and navigate to the relevant finding.

  2. The next time this rule is matches, the action will be taken.

Navigate to the in Arnica and click on Jira.

Navigate to the and expand the relevant section

Add a rule with the User Created Issue and relevant

Add the Create Issue and fill the relevant fields mapping in Jira

Jira issue creation can run with any and . This powerful automation can route any issue creation and resolution at any stage of the development lifecycle.

Navigate to the and expand the relevant section

Add a rule with the (e.g. Code risk detected on PR) and relevant (e.g. severity is High or above).

Add the relevant (e.g. Comment on PR and Fail Status Check), alongside the Create Issue. Fill the relevant fields mapping in Jira

🎫
🐛
Integrations page
Policies page
Policies page
Secrets
Policy configuration for manual issue creation
Links to Jira issues in the risks view
Automated issue creation on PR
Code Risk
trigger
conditions
action
action
trigger
condition
trigger
conditions
actions