Integrate Endor Labs with Jira and automatically create Jira tickets in specific projects when configured policies are violated. This integration automates the process of generating Jira tickets within your organization’s existing security workflow. This integration is supported on Jira Cloud.
To integrate Endor Labs with Jira:
- Generate Jira API token
- Configure Jira Integration on Endor Labs
- Associate an action policy with a Jira notification
Generate Jira API token
Generate Jira API credentials that you want to use to sign in to Endor Labs.
Note: It is recommended that the Jira account used for this integration includes only the following set of minimum required permissions.
- Create Issues
- Transition Issues
- Assign Issues
- Resolve Issues
- Add Comments
- Sign into your Jira account.
- Navigate to your Jira profile.
- Under API tokens, click Create API Token.
- Enter a concise label to distinguish your token and click Create.
- Click Copy to clipboard, and have the token handy to enter in the Endor Labs application.
Note: The token cannot be viewed after closing the form. Copy it to a secure location and have it handy. Do not share the token.
Configure Jira Integration on Endor Labs
Set up Jira integration on the Endor Labs application.
- Sign in to Endor Labs.
- From the sidebar, navigate to Integrations.
- Under Notifications, click Manage for Jira.
- Click Add Notification Integrations.
- Enter a name and description for the integration.
- Enter a Jira user name. The user account is displayed as the reporter for all the tasks or bugs created in Jira for this notification.
Note
It is recommended to create a new user account for receiving Jira notifications from Endor Labs. - In API Key, enter the API token that you generated from Jira.
- In Jira URL, enter the HTTPS endpoint of your Jira instance.
- In PROJECT Key, enter the project key in which you want to create the Jira notifications. The project key is the prefix of the bug or task ID. For example, if the project key is ABC, the task or bug is created with ID in the format ABC-xxx.
- In ISSUE TYPE, enter the notification issue type such as
Task
,Bug
,Story
,Sub-Task
, orEpic
. The issue type is case-sensitive. Make sure to match with an exact issue type on your Jira board.Note
Make sure the endortcl version is 1.6.547 or higher to use ISSUE TYPE. - In RESOLVED STATUS, specify the resolved status used in your Jira projects. For example,
Completed
. After the findings are resolved, the Jira ticket will be updated to this status. If you don’t specify a status, Endor Labs will attempt to determine your project’s resolution status and default to one of the following, in order of priority:Done
,Resolved
,Closed
, orFixed
.Warning
If you do not provide a resolved status and your project’s resolved status does not matchDone
,Resolved
,Closed
, orFixed
, you will be unable to configure the integration. - In LABELS, enter a label and associate it with your Jira notifications.
- Click Add Custom Field to add custom KEY-VALUE pairs in the created Jira ticket. For example, you can add KEY as Source and associate it to Endor Labs in VALUE, so that every notification created will now have the information Source = Endor Labs associated with the ticket.
Note
Make sure the endortcl version is 1.6.567 or higher to use Custom Fields. The KEY defined as a custom field must already exist in your Jira project, otherwise, the notification cannot be saved. - Click Propagate this notification target to all child namespaces to apply this Jira notification target to all child namespaces within the hierarchy.
- Click Add Notification Integration.
Manage Endor Labs Jira notifications
You can view and manage the Endor Labs Jira notifications created for a project.
- From the sidebar, navigate to Integrations.
- Under Notifications, click Manage for Jira.
- To edit a notification, click the vertical ellipsis and choose Edit Notification Integration.
- To delete a notification, click the vertical ellipsis dots and choose Delete Notification Integration.
Associate an action policy with a Jira notification
Users can create action policies to execute a recommended action when a policy is violated. For example, if there is a license compliance violation, you can create a Jira ticket and notify the required personnel.
While creating an action policy, configure the following settings:
- Select Choose an Action as Send Notification.
- From SELECT NOTIFICATION TARGETS, choose the Jira integration notification that you created.
- Choose an Aggregation type for Jira notifications. Choose Project to trigger a single notification for all findings, or choose Dependency to trigger multiple notifications for every dependency. See Aggregation types for more details.
A parent ticket is created with the selected issue type, either Task or Bug. The parent ticket includes the project name. Each identified dependency is grouped under a dedicated sub-ticket. The sub-ticket includes both the project name and dependency name. Findings without any dependency are grouped in a separate sub-ticket. During future scans, the existing sub-ticket status is updated or resolved. If a new dependency is found, a new sub-ticket is created.
View Jira ticket details
Users can view the created Jira ticket details on the Endor Labs application. Users have the ability to observe specific information such as the status of tickets (whether they are open or closed), the associated action policy, the number of violations, and other important details. This aids in seamless troubleshooting and identification of both unresolved and resolved issues.
- From the Endor Labs application, navigate to Manage and click Notifications.
- Navigate across the Open, Resolved, or All tabs to view the issues listed under them.
- You can view specific details such as created date of the ticket, the name of the policy, the name of the project, the number of violations, and any labels associated with the projects.
- Choose a notification and click the vertical three dots on the far right side and choose:
- Dismiss Notification: Clear this notification if it is no longer valid. It will be marked in grey.
- Show Details: View the Jira ticket number and you can also navigate to Jira.
- Go to Policy: View configuration details of the policy that created this Jira ticket.