Jira
FortiDevSec allows you to integrate Jira projects for unified bug management. Jira integration is optional and avoids the overhead of maintaining the detected vulnerabilities in multiple systems.
Before integrating Jira with FortiDevSec, use the following links to generate the API Key and Personal access token (PAT) for Jira cloud and on-prem respectively.
-
Jira Cloud - https://id.atlassian.com/manage-profile/security/api-tokens
-
Jira On-prem - https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html
To add Jira integration to new application, see Adding a New Application.
To add/update Jira integration to an existing application:
-
In the FortiDevSec dashboard, click the desired application .
-
In the scanned application details page, click Jira plugin icon. See Viewing the Scan Result.
-
Toggle the Add Jira Plugin, if not already enabled. If Jira plugin is already enabled, update the required fields and click OK.
-
Select the Cloud or On Prem option for the Jira Server.
-
Enter the URL.
-
Enter the Email ID.
-
Enter API Key, if cloud server is selected. Enter PAT if on prem server is selected.
-
Click Fetch Details and select the Jira projects.
-
Click OK.
Notes:
- Jira plugins are supported per FortiDevSec application.
- When vulnerability issues are reported in the FortiDevSec GUI, the associated Jira project is also updated.
- The vulnerability updates in Jira are synchronized to FortiDevSec prior to scanning the application. You can also synchronize the Jira updates manually.
-
FortiDevSec relies on the built-in Jira priority system: Highest, High, Medium, Low, and Lowest. Please configure your Jira project integrated with FortiDevSec, to align with these priorities.