JIRA


[This feature is only available for Corporate version users]

This is a feature that allows you to send vulnerabilities from Faraday to JIRA.

Send vulnerability to JIRA

To send vulnerabilities to JIRA, go into the Status Report section, select the desired vulnerabilities, click on the Tools button and then click on JIRA. 
Keep in mind that only confirmed vulnerabilities can be sent.




Send To JIRA

Once the JIRA dialog opens, you have two options:

  1. You can use the default data saved in the Ticketing Tools section of Settings (see Save JIRA's Configuration for more information).

  2. You can overwrite JIRA's default data by clicking on the checkbox and then manually entering your JIRA credentials. Then click OK.
If you overwrite only one field, Faraday will fill the other fields with the default data. E.g., if you overwrite Project Key, Faraday will fill the URL field with the information you have saved in Settings.

Authentication

Note: Faraday authenticates to Jira using OAuth1.0a.
Steps to set up OAuth for Jira:

Generate RSA Keys.

Run faraday-manage generate-rsa-keys --integration jira to generate the RSA key pair that Jira requests for the OAuth authentication process. For more information about the keys, go to the RSA Keys section.
To authenticate to Jira using OAuth, you need to create an Application Link in Jira to link Faraday. For more information, take a look at the documentation (https://confluence.atlassian.com/adminjiraserver/using-applinks-to-link-to-other-applications-938846918.html). When you’re creating the Application Link, it will ask you for a Public Key. Paste there the public key printed by the command in the section above.

Begin authentication

Once you’ve created the Application Link, go to Faraday’s Settings and select the Ticketing Tools section. Once there, select JIRA and you will see a section named OAuth Authentication. Here, all you need to do is to type the Consumer Key that you specified in the Application Link and click on the button next to the input field to begin the authentication process. The text right next to the button will show you the status of the process. If everything goes well, the status will be Authenticated.
Once you’ve been authenticated to Jira using OAuth1.0a, you’ll be able to send vulnerabilities to Jira without providing any credentials.

RSA Keys

Generate RSA keys: faraday-manage generate-rsa-keys --integration jira

Show current RSA keys: faraday-manage show-rsa-keys --integration jira

Remove current RSA keys: faraday-manage remove-rsa-keys --integration jira


Issuetracker

Once the vulnerability has been sent to JIRA, add the column issuetracker so you can see a link that will lead you to the issue in JIRA.


Issuetracker's JSON

We added the issuetracker_json field which, if you’re using our JIRA integration, will give you details about the issue you created from Faraday in your ticketing instance. You can also use this field in your Executive Reports, where it can render either the URL of your issue or just its ID.


Save JIRA's Configuration

To save JIRA's configuration, go to Settings:

 

Then go to the Ticketing Tools section:



URL and Project Key

Use these fields to save the URL of your Jira instance and the Project Key where you want the vulnerability to be sent.

Issue’s configuration

In the Issue’s Configuration section, you can set the way you want the vulnerabilities to be parsed as JIRA’s issues. You can set the issue type in which the vulnerabilities will be sent or you can even use Jinja2 syntax to create your own templates to parse the vulnerabilities’ information and use these templates as the issue’s description in JIRA.

Issuetype

This is the type of issue that can be created and tracked via JIRA. The vulnerability that you send from Faraday will be created in JIRA with the issue type that you define here. Currently, Faraday accepts the following issue types: Improvement, Task, New Feature, Bug, and Epic. Note: if you want to use the issue type Epic, you also need to use JIRA's custom fields. You will find more information about them in the JIRA's custom fields section.

Template

The name of the template in which you define the issue's description. You can call any attribute of the vulnerability object using Jinja2 syntax. E.g., if you want your issue in JIRA to have as description the target, the hostnames, and the severity of the vulnerability, the template would be as follows:

    Target: {{target}}
    Hostnames:
    {%for hostname in hostnames%}
        - {{hostname}}
    {%endfor%}
    Severity: {{severity}}

This template must be located inside the folder /home/faraday/.faraday/integrations_templates/.

You can use Markdown in the template since issue's description field in JIRA accepts it.
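A template can be checked offline before it is placed in the templates folder. The following is an added example, not Faraday's own code: it parses the template shown above with the jinja2 library, reports syntax errors and misspelled attribute names, and renders it against a constructed vulnerability. The function name check_template, the sample values and the trim_blocks setting are assumptions; Faraday may render whitespace differently.

```python
from jinja2 import Environment, StrictUndefined, TemplateSyntaxError, meta

# The template from this page, line numbers removed.
PAGE_TEMPLATE = """\
Target: {{target}}
Hostnames:
{%for hostname in hostnames%}
    - {{hostname}}
{%endfor%}
Severity: {{severity}}
"""

# Constructed sample vulnerability; only the attributes the page's template uses.
SAMPLE_VULN = {
    "target": "10.0.0.5",
    "hostnames": ["web01.example.test", "intranet.example.test"],
    "severity": "high",
}


def check_template(source, vuln):
    """Return (rendered_text, problems); rendered_text is None when problems exist."""
    # trim_blocks drops the newline after {% ... %} tags (assumed setting).
    env = Environment(undefined=StrictUndefined, trim_blocks=True)
    try:
        ast = env.parse(source)
    except TemplateSyntaxError as exc:
        return None, [f"syntax error on line {exc.lineno}: {exc.message}"]
    # Names the template reads that the sample vulnerability does not define.
    unknown = sorted(meta.find_undeclared_variables(ast) - set(vuln))
    if unknown:
        return None, [f"unknown attribute: {name}" for name in unknown]
    return env.from_string(source).render(**vuln), []


if __name__ == "__main__":
    text, problems = check_template(PAGE_TEMPLATE, SAMPLE_VULN)
    print("\n".join(problems) if problems else text)
```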

JIRA's custom fields

You can use JIRA's custom fields in addition to the built-in fields in the issue JSON config. For example, suppose you want to use the issue type Epic. To do so, you need to use JIRA's custom field Epic Name to provide the name of the epic. Let’s assume that the custom field Epic Name in your JIRA instance has the ID 99999. To add this custom field to your issue’s configuration, you need to type customfield_99999 in the Add JIRA’s Custom Field input and then click on the button right next to the input. If you don’t type the custom field correctly, an error message will be displayed. Once you add it, remember to type the epic’s name in the input field.

Make sure to use the right custom field ID. These IDs may vary according to the JIRA server instance.

You can also link an issue to an Epic. To do so, look up the custom field Epic Link of your instance and add it to your issue’s configuration (just as in the example above). Once you add it, you need to type the issue key of the epic in the input field.

