I’m very interested in trying to use Security in Jira for our vulnerability management/triage. However, we use custom tools, so I need a way to get the data into Jira, since we don’t use Snyk or one of the other native tools.
I talked to the PM’s behind this tool a while ago, and they mentioned that you can get vulnerability data into Security in Jira via an Atlassian Connect App.
I’m not familiar with connect apps, but I tried to look around the reference to see what the routes looked like so I could see if we’d be able to integrate, but I don’t see anything anywhere.
Has anyone else used connect apps to get vuln data into security in Jira? If so, I’d be really helpful if someone could point me to the spot in the dev docs about this so I can take a look!
Welcome to the Atlassian developer community @BrandonAxtmann,
Yes, it is possible to build “one-off” integration with in-house tools, open source products, or even SaaS products that just haven’t built integration yet. Atlassian Connect provides framework for managing the lifecycle of integration (install, configuration, uninstall), UI extensibility, and auth for REST APIs & webhooks. For this use case, you won’t need to do much more than send data to the right APIs, which are the Security Information endpoints in the Jira Software REST API. That said, you may need a little UI to handle configuration of outbound auth, to whatever tool you are connecting. And, hopefully, you’ve also discovered that Atlassian Connect is something of a “you build it, you run it” model, where there will be a service that you need to host on the Internet, even if the integration is just for your own use.
Hey @ibuchanan Would you mind developing a bit more on this?
I’ve being trying to integrate our in-house app using the Security Information endpoints you mention, but I am hitting a wall for a few days now, as it seems a Test/Security app must be added to the toolchain for a project to be able to use it for the Security Container feature, yet adding such a private-listing Jira Connect app to the toolchain is not possible
Welcome to the Atlassian developer community @jOx,
Can you explain more? I see how that flows in the UI but I’m not clear on what is blocking you in the APIs. Meanwhile, let me reach out to the engineering team to see if they are aware of this. If true, it would be the first kind of Connect module that has this kind of dependency on Marketplace.
I configured the with the proper URL and credentials, in fact, I’m able to submit vulnerabilities, nevertheless in the security area, I do not find the custom connect tool to set up.
But, I’ve seen only the vulnerability on the ticket:
Is it intended to show vulnerabilities in the ticket, or is it possible to use by API the security area?
Hi @ibuchanan
we have a security plugin in Jira, which is built using the Atlassian Connect framework.
As part of our ongoing development efforts on this project, we would like to test the changes we made hence we are working on integrating dev version of this security plugin with our Atlassian project toolchain for verifying changes in our development environment. To facilitate this integration, I am using the GraphQL query provided by your team for testing purposes. However, I am encountering an error related to the createJiraProjectAndDevOpsToolRelationship field in the query.
The error message received is as follows:
"Validation error (FieldUndefined@[createJiraProjectAndDevOpsToolRelationship]): Field 'createJiraProjectAndDevOpsToolRelationship' in type 'Mutation' is undefined"
**NOTE**: This graphql query worked file for us during our first phase of development for this security plugin.
This error prevents me from progressing with the configuration. I suspect that this field might have been renamed or that the query has been modified recently.
Could you please provide guidance on resolving this issue or confirm if any recent changes have been made to the query or field?
For reference, here is the query I am using:
mutation createToolRelationship {
createJiraProjectAndDevOpsToolRelationship(
input: {
jiraProjectId: "ari:cloud:jira:<cloud-id>:project/<project-id>"
devOpsToolId: "ari:cloud:devops:<cloud-id>:tool/<application-key>"
}
) {
success
errors {
message
}
jiraProjectAndDevOpsToolRelationship {
id
devOpsTool {
id
name
productKey
}
}
}
}
Your assistance in resolving this issue would be greatly appreciated.
Would you mind developing a bit more on this?
