Jira

[BNYBLN030]

How Is the correct way to Connect jira with seccubus?
The documentation Is very Slim ...:(

[MrSeccubus]

The only JIRA integration we currently have is that you can make turn the external reference for an issue clickable.

To do this find this section in you config:

	<tickets>
		<url_head>https://jira.atlassian.com/browse/</url_head>
		<url_tail></url_tail>
	</tickets>

This will turn external reference test-1 into a clickable link to https://jira.atlassian.com/browse/test-1

[BNYBLN030]

@seccubus okay i unterstand, that means that no Data/findings Push automaticly to jira ??

[MrSeccubus]

It's high on my list of things I want to do, but I have limited development capacity.
Would be great if somebody could help.

[Ar0xA]

ok, I'll add it. How's this sound:

1. I'll start with expanding the tickets with the option for an API-key to interface with jira. My suggestion would be to create a config option <ticket_type>JIRA</ticket_type> and <api_key> config options. This way other ticket API interfaces could be made at a later point.

2. I'll then add the ability, in the gui, create an automatic ticket of the selected (one or more) issues. This will include checking if there's already a valid external reference ticket. If a ticket already exists, it will not do anything.

3. I'll add the ability to, once a scan is finished, to automatically create a jira link for findings above a certain level <min_ticket_level> or something similar. This will include checking if the finding already has an external reference or not.

4. everything else.

or 2 and 3 reversed..whichever feels easier at that point :)

Obviously doing this in my spare time, so might take a while, be patient.

[MrSeccubus]

1. I'll start with expanding the tickets with the option for an API-key to interface with jira. My suggestion would be to create a config option <ticket_type>JIRA</ticket_type> and <api_key> config options. This way other ticket API interfaces could be made at a later point. Yes, makes sense... 1. I'll then add the ability, in the gui, create an automatic ticket of the selected (one or more) issues. This will include checking if there's already a valid external reference ticket. If a ticket already exists, it will not do anything. Since I already have the issue feature in the gui, why not create a 1-on-1 link between issues and tickets? That seems much more straight forward. 1. I'll add the ability to, once a scan is finished to automatically create a jira link for findings above a certain level <min_ticket_level> or something similar. Lets work on the first two first. I have a framework in mind for auto creation/updating of stuff. In our setup the project is different for each of the workspaces. So I would suggest that you also expand the workspace object to include a JIRA/Ticket project. Frank