Manage your vulnerability fixes in the same place as all other tasks.
Your ticketing system is where you store your upcoming tasks and rank your to-dos according to importance. We strongly believe that severe security vulnerabilities should be at the top of your list. Therefore, we explain in this article how you can use our tool to create tickets automatically when vulnerabilities are detected.
For this article, we assume you have a CI/CD integration that automatically starts our scans and receives our reports. If you need help with that, please visit our CI/CD integrations article or our example with Circle CI.
We will also look at how this connection could work through your vulnerability management system (such as DefectDojo).
Jira is an issue and project tracking system sold by Atlassian.
The platform allows development teams to capture and prioritize tickets that need to be developed. We encourage development teams to create tickets for known vulnerabilities in their application so the remediation is planned and tracked. Jira offers an API to script the interaction with other software. Via this API, you can script the creation of issues individually or in bulk.
Because Jira setup (issue names, team rules, etc.) is slightly different for each customer, we cannot offer a copy/paste example that gets you started. We are here to help, though, and can offer you some guidance on what we have experienced with other customers to get the Jira integration up and running. Please contact us with any questions.
Integration via DefectDojo
If you are using Jira and DefectDojo, there is a neat way to integrate the two tools. The DefectDojo API allows you to set up two-way communication.
So in an ideal scenario, once you create an issue in DefectDojo, a new issue in Jira is automatically created, including the important information on how to remediate and where it was found.
Now let’s assume the vulnerability is fixed and the corresponding Jira ticket is closed. Then the related finding in DefectDojo will be closed as well. Neat, right?
Asana is a project management solution that helps teams to organize and prioritize work.
Similar to Jira, Asana offers an API to script the interaction with their software. Creating a new task is as easy as POSTing to the /tasks endpoint with a data block containing the fields you’d like to set on the task. Any unspecified fields will take on default values.
Because Asana setup (task names, team rules, etc.) is slightly different for each customer, we cannot offer a copy/paste example that gets you started. We are here to help, though, and can offer you some guidance on what we have experienced with other customers to get the Asana integration up and running. Please contact us with any questions.
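As a starting point for the /tasks call described above, here is an added example (not our tool's code and not a drop-in integration) that selects the severe findings from a scan report and builds one Asana task request per finding. The finding fields (`id`, `title`, `severity`, `url`, `remediation`), the project GID and the `ASANA_TOKEN` environment variable are assumptions to adapt to your own report format and workspace.

```python
import json
import os
import urllib.request

ASANA_TASKS_URL = "https://app.asana.com/api/1.0/tasks"
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

# Constructed sample report; the field names are assumptions, not a real scanner schema.
SAMPLE_FINDINGS = [
    {"id": "F-1", "title": "Reflected XSS", "severity": "high",
     "url": "https://staging.example.com/search", "remediation": "Encode output."},
    {"id": "F-2", "title": "Missing header", "severity": "low",
     "url": "https://staging.example.com/", "remediation": "Set X-Content-Type-Options."},
    {"id": "F-3", "title": "SQL injection", "severity": "critical",
     "url": "https://staging.example.com/login", "remediation": "Use parameterized queries."},
]
SAMPLE_FINDINGS.append(dict(SAMPLE_FINDINGS[0]))  # same finding reported by a second scan

def select_findings(findings, min_severity="high"):
    """Keep findings at or above min_severity, drop repeated ids, most severe first."""
    def rank(f):  # unknown severity is treated as critical rather than silently dropped
        return SEVERITY_RANK.get(f["severity"].lower(), 0)
    seen, kept = set(), []
    for f in findings:
        if rank(f) > SEVERITY_RANK[min_severity] or f["id"] in seen:
            continue
        seen.add(f["id"])
        kept.append(f)
    return sorted(kept, key=rank)

def build_task_request(finding, project_gid, token):
    """Build (without sending) the POST /tasks request for one finding."""
    data = {
        "name": f"[{finding['severity'].upper()}] {finding['title']}",
        "notes": f"Finding {finding['id']}\nFound at: {finding['url']}\n"
                 f"Remediation: {finding['remediation']}",
        "projects": [project_gid],  # fields left out take Asana's default values
    }
    return urllib.request.Request(
        ASANA_TASKS_URL, data=json.dumps({"data": data}).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})

def create_tasks(findings, project_gid, send=False):
    """Build one request per selected finding; the network is only used when send=True."""
    # Read the token from the environment (CI secret), never from source control.
    token = os.environ["ASANA_TOKEN"] if send else "placeholder-token"
    requests = [build_task_request(f, project_gid, token) for f in select_findings(findings)]
    for req in (requests if send else []):
        urllib.request.urlopen(req, timeout=10).close()
    return requests
```

Run it with `send=False` first to review the generated task names and notes; deduplication here only covers a single report, so tracking which findings already have a task across scans needs its own store.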