Security In Jira - Add data from custom tools

Hi there,

I’m very interested in trying to use Security in Jira for our vulnerability management/triage. However, we use custom tools, so I need a way to get the data into Jira, since we don’t use Snyk or one of the other native tools.

I talked to the PM’s behind this tool a while ago, and they mentioned that you can get vulnerability data into Security in Jira via an Atlassian Connect App.

I’m not familiar with connect apps, but I tried to look around the reference to see what the routes looked like so I could see if we’d be able to integrate, but I don’t see anything anywhere.

Has anyone else used connect apps to get vuln data into security in Jira? If so, I’d be really helpful if someone could point me to the spot in the dev docs about this so I can take a look!

Thanks in advance!

Welcome to the Atlassian developer community @BrandonAxtmann,

Yes, it is possible to build “one-off” integration with in-house tools, open source products, or even SaaS products that just haven’t built integration yet. Atlassian Connect provides framework for managing the lifecycle of integration (install, configuration, uninstall), UI extensibility, and auth for REST APIs & webhooks. For this use case, you won’t need to do much more than send data to the right APIs, which are the Security Information endpoints in the Jira Software REST API. That said, you may need a little UI to handle configuration of outbound auth, to whatever tool you are connecting. And, hopefully, you’ve also discovered that Atlassian Connect is something of a “you build it, you run it” model, where there will be a service that you need to host on the Internet, even if the integration is just for your own use.

Hey @ibuchanan :wave: :slightly_smiling_face:
:question: Would you mind developing a bit more on this?

I’ve being trying to integrate our in-house app using the Security Information endpoints you mention, but I am hitting a wall for a few days now, as it seems a Test/Security app must be added to the toolchain for a project to be able to use it for the Security Container feature, yet adding such a private-listing Jira Connect app to the toolchain is not possible :thinking:

Welcome to the Atlassian developer community @jOx,

Can you explain more? I see how that flows in the UI but I’m not clear on what is blocking you in the APIs. Meanwhile, let me reach out to the engineering team to see if they are aware of this. If true, it would be the first kind of Connect module that has this kind of dependency on Marketplace.