
Jira using HTTPS Basic token

This document is for:
Invicti Platform

Integrating Invicti Platform with Jira automates vulnerability tracking. Instead of manually creating tickets, Invicti automatically generates Jira issues for detected vulnerabilities, streamlining your software development and bug-fixing process, and allowing you to prioritize and remediate issues. This integration ensures security is built into your development workflow.

This document explains how to integrate Invicti with Jira in 4 steps.

Prerequisites

SSL certificate requirements

While using self-signed certificates with Invicti On-Premises and/or Jira On-Premises is possible, it is not supported for setups that involve integrating Invicti with Jira:

  • If you are using Invicti On-Premises, the Invicti configuration must have a valid SSL/TLS certificate, signed by a globally trusted certificate authority.
  • If you are using Jira On-Premises, the Jira configuration must have a valid SSL/TLS certificate, signed by a globally trusted certificate authority. Note: The configuration of SSL/TLS certificates on your Jira server is outside the scope of Invicti support.
  • Be aware that Jira requires this configuration, particularly for webhooks.
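A preflight check for the certificate requirement above, as an added example that is not part of Invicti's documentation: it rejects a Jira base URL that is not HTTPS, performs a TLS handshake that fails on a self-signed or mismatched certificate, and builds the Basic header from the account email and API token. The host name `jira.example.com` is a placeholder, and Python's default trust store is assumed to stand in for the globally trusted certificate authorities.

```python
import base64
import socket
import ssl
from urllib.parse import urlsplit


def basic_auth_header(email, token):
    """Authorization header value: "Basic " + base64("email:token")."""
    if ":" in email:
        raise ValueError("a colon in the user name breaks Basic auth parsing")
    raw = f"{email}:{token}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def check_base_url(url):
    """Return (host, port) if the base URL is fit to receive a Basic token."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        # Basic auth is an encoding, not encryption: only TLS protects the token.
        raise ValueError("Basic credentials are only base64-encoded; use https")
    if parts.username or parts.password:
        raise ValueError("do not embed credentials in the base URL")
    if not parts.hostname:
        raise ValueError("base URL has no host")
    return parts.hostname, parts.port or 443


def check_certificate(host, port, timeout=5.0):
    """Handshake against the default trust store (assumed to approximate the
    globally trusted CAs); self-signed or mismatched certificates raise."""
    ctx = ssl.create_default_context()  # verifies the chain and the host name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def preflight(url):
    """Return "ok", or a one-line reason the endpoint fails the prerequisite."""
    try:
        host, port = check_base_url(url)
        check_certificate(host, port)
    except ssl.SSLCertVerificationError as exc:
        return f"certificate rejected: {exc.verify_message}"
    except (ValueError, OSError) as exc:
        return f"failed: {exc}"
    return "ok"
```

Run `preflight()` against your own Jira base URL from a host with the same trust store as the system that will connect to Jira.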

Other requirements

Before integrating Invicti with Jira, ensure the following requirements are met:

  • You have a valid Jira account.
  • A Jira project has been created to which all found vulnerabilities will be sent.
  • An API token is generated to secure communication between Invicti and Jira.
  • Jira work item types are configured to align with Invicti severity levels.
  • Your Jira system allows incoming API requests. Follow the appropriate whitelisting instructions below:

Step 1: Configure Invicti

  1. In Invicti, select Integrations from the left-side menu.
  2. Switch to the All integrations tab.
  3. Scroll down to Issue trackers and select Configure in the Jira tile.
  4. In the Configure and authorize section:
     • Enter a name for your integration. For this example, we have used Invicti issues.
     • Fill in the Jira base URL.
     • Choose the Basic Authentication type, then enter your Account Email and the Access token. Use your Personal Access Token for Jira On-Premises or your API Token for Jira Cloud.
     • Click Validate & load projects to load your project and issue details.
  5. In the Project configuration section, provide the following details:
     • Select a Project from the drop-down list. This is where the found vulnerabilities are going to be sent.
     • Specify the Issue type as Vulnerability.
     • Issue title formatting: Choose the format for the work item title.
     • Included details: Use the drop-down menu to select the information to include in the work item details.
     • Optionally, select Yes to include a link to the report and attach a PDF report.
     • Click Next.
  6. In the Issue mappings section:
     • Copy and save the Webhook URL value for later use in the Jira configuration.
     • Set your Bi-directional issue status mappings. You can choose any status from your Jira configuration.
  7. Next, assign field values. These items change based on the selected Project and Work item type.
  8. Assign Field mappings: Map Invicti Vulnerability Severity levels to Jira severity values.
  9. In the Field mappings panel, assign Invicti fields to Jira fields or values. You have the option to add more field values. Use the Add New button to do so.
  10. Use Create sample issue to test the configuration. Then, select Save and Finish to complete the setup.
  11. The vulnerability is now created and visible in your Work items list in the selected Jira project.

Step 2: Submit vulnerabilities to Jira

After identifying vulnerabilities, you can forward them to the designated issue tracker. The process is consistent across all supported issue trackers. For detailed instructions, refer to the linked documents.

Step 3: Configure JIRA integration WebHook (optional)

  1. In your Jira interface, go to Administration > System > Advanced > WebHooks in the sidebar.
  2. Click Create a WebHook and start with the configuration:
     • Enter the Name (e.g., Invicti WebHook listener).
     • Paste the copied Webhook URL into the URL field.
     • Optionally, provide a Secret and Description for your WebHook.
     • Events: Choose Issue -> updated event for WebHook notification (other event types are NOT supported).
     • Scroll to the bottom and click Create.

Step 4: Test your webhook functionality

  • If you have not done so during step 3, navigate to the Jira integration in Invicti and click Create sample issue.
  • In Jira, navigate to the Jira ticket and adjust the status to False positive.
  • In Invicti, navigate to the Vulnerabilities page and filter the list by status = False Positive.

