Support
Issue Tracking Systems

Integrating Invicti Enterprise On-Premises with Jira

This document is for:
Invicti Enterprise On-Premises

Jira is an issue-tracking software application with agile project management and bug tracking features. Jira allows you to order and prioritize issues and bugs, as well as add issue types, fields and workflows as the project develops. Jira shares customer support tickets with other issue tracking systems.

This topic explains how to configure Invicti Enterprise On-Premises to send a detected issue to Jira. Using the On-Demand? See Integrating Invicti Enterprise On-Demand with Jira.

Invicti Enterprise has out-of-the-box support for resolving and reactivating Jira issues according to the scan results, in addition to automatic issue creation. Invicti Enterprise uses user-provided Resolved and Reopened statuses in Jira for this purpose.

To enhance issue synchronization support, Invicti Enterprise also offers webhook support. This enables you to detect any status changes in Jira issues opened by Invicti Enterprise.

  • Invicti Enterprise generates a Webhook URL after you save your integration settings. When you register this link as a webhook in your Jira project, and enter your preferred Resolved and Reopen statuses, you will complete Invicti Enterprise issue synchronization for your integration.
  • When you change your Jira issue’s status to your preferred Resolved status, the issue is automatically marked as Fixed (Unconfirmed) in Invicti Enterprise and a retest scan is started. And, when you change your Jira issue’s status to your preferred Reopened status, your corresponding Invicti Enterprise issue is automatically marked as Revived.

Jira fields

This table lists and explains the Jira fields on the New Jira Integration page.

Button/Section/Field Description
Name This is the name of the integration that will be shown elsewhere in Invicti Enterprise.
Mandatory This section contains fields that must be completed.
URL This is the Jira instance URL.
Username or Email This is the username if self-hosted. This is the username or email address if hosted by Atlassian.
Access Token or Password This is the personalized access (API) token of the user or the password. The API token can be retrieved from https://id.atlassian.com/manage/api-tokens.
Project Key This is the project key that is used to prefix the ids of issues for the specific project. The Key value is in the Settings>Projects table in Jira.
Issue Type This is the name of the issue type. The options are: Bug, Task, Story and Epic.
Title Format This is the string format that is used to create the issue title.
Optional This section contains optional fields.
Assigned To This is the user to whom the issue is assigned by default.
Auto assign to person who started the scan This is auto assigned to the user who started the scan.
Reporter This is the user who reports issues. You need to allow this feature in your Jira project, otherwise you’ll encounter an error (see Configuring User Mappings).
Priority This is the priority of the bug.
Security Level This is the issue security level.
Reopen Status This is the status of the reopened issues or tickets.
Resolved Status This is the status name of the resolved issues or tickets.
Template This is the type of the issue description’s template.

There are two template types for issue templates, Standard and Detailed. The Detailed template has additional fields such as Request, Response.

Epic Selection This is the option to choose creating an epic or adding issue to an existing epic.
Epic Name This is a short name to identify the epic. This value is required when epic is selected as an issue type. Issues will be created with this epic name.
Epic Name Custom Field Name This is a custom field name for Epic Name.
Epic Key This is a text identifier for the Epic. It is required to create issues that belong to an epic.
Epic Key Custom Field Name This is a custom field name for Epic Key.
Components These are the components that need to be defined before integration. They can be checked via https://yoursubdomain.atlassian.net/plugins/servlet/project-config/YOURPROJECTNAME/administer-components.

To add more than one component, seperate each one with a comma(,). For example: Component1, Component2.

Labels These are the issue labels.
Due Days This is the number of days from the date the issue was created to the date it is due.
Custom Fields This section contains Custom Fields.
New Custom Field Click to create a new custom field.
Name Enter a name for the new custom field.
Value Enter a value for the new custom field.

  • Complex: Enable this checkbox to use complex file type.
Create Sample Issue Once all relevant fields have been configured, click to create a sample issue.

How to use the Reporter field

To use the reporter field in Invicti, first follow the steps below:

  1. First you need to define a new user mapping, so Jira has something to select from the Reporter drop-down (see Configuring User Mappings).

  1. Next, you must enable this feature in your Jira project; otherwise, you’ll encounter an error:
  • Navigate here to see permissions (replacing ‘YOURSUBDOMAIN’ with your Jira project name): https://YOURSUBDOMAIN.atlassian.net/plugins/servlet/project-config/PROJECTID/permissions
  • From the Actions drop-down (top right), select Edit Permissions.

  • In the Grant permission section, in the Permission field, add Modify Reporter.

How to integrate Invicti Enterprise with Jira

  1. Log in to Invicti Enterprise.
  2. From the main menu, go to Integrations > New Integration > Jira.

Invicti's issue tracking integrations

  1. In the Name field, enter a name for the integration.
  2. In the Mandatory section, complete the connection details:
    • URL
    • Username or Email
    • Access (API) Token or Password
    • Project Key
    • Issue Type (Fill the Epic Name and Epic Value fields when Epic is selected as the Issue Type.)
    • Title Format (This is a string format that is used to create the issue title)
  1. Select Create Sample Issue to confirm that Invicti Enterprise can connect to the configured system. A confirmation message is displayed to confirm that the sample issue has been successfully created.

Jira integration settings

  1. In the confirmationmessage, select the Issue number link to open the issue in your default browser.
  2. If the Jira integration is not configured correctly, Invicti Enterprise will correctly route the following descriptive error messages to you. Sample error messages may be displayed as illustrated:
  • If the URL was entered incorrectly

  • If the Access Token or Password was entered incorrectly

  1. Select Save to save the integration.

How to export reported issues to projects in Jira

There are several ways to send issues to Jira with Invicti Enterprise:

  • Once notifications have been configured, you can configure Invicti Enterprise to automatically send issues after scanning has been completed.
  • You can send one or more issues from the Issues window:
    • You must have Manage Issue permission.
    • From the main menu, select Issues > All Issues. The Issues window is displayed.
    • On the Issues page, select one or more issues you want to send.
    • Select Send To > Jira.
    • A pop-up is displayed, with a link to the issue you have sent to Jira. If there is an error, this information will be displayed instead.

exporting issues to an integration endpoint

  • You can send an issue from the Recent Scans window:
    • From the main menu, select Scans > Recent Scans.
    • Next to the relevant scan, select Report.
    • Scroll down to the Technical Report section.
    • From the list of detected issues, select an issue and display its details.

    • Select Send To > Jira.
    • If you have already previously submitted this vulnerability to Jira, it will already be accessible. You cannot submit the same issue twice.
    • You can view the issues you have sent to Jira in the Open issues window.

How to register Invicti Enterprise-Jira Integration Webhook

  1. From the main menu, select Integrations > Manage Integrations.
  2. Next to the relevant Jira integration, select Edit.

  1. In the Webhook URL field, select Copy to clipboard ().
  2. Open Jira.
  3. From the main menu, go to  Settings > System > Webhooks.

  1. On the Webhooks page, select Create a WebHook.
  2. In the URL field, paste in the Webhook URL (from step 3). In the Issue related events field, select the updated checkbox in the Issue column.
  3. In the Jira Software related events field, enable the Exclude body option on Jira Webhook settings to prevent unnecessary data transfer. If data transfer is turned on, it may interfere with transfer limits and disrupt synchronization. (If you are going to make this change, it is essential to update the integration address.)

  1. Select Create.
  2. In Jira, select Issues. Then, navigate to the Open Issues page, then select the issue. From the Status drop-down, select DONE.

  1. The Webhook is triggered, and Invicti Enterprise initiates a new Retest process.
  2. In Invicti, from the main menu, select Issues > Waiting For Retest. The Issues window is displayed, showing the issues waiting to be rescanned. The scanning process will begin soon, depending on the availability of the scanning agents.

  1. If the issue is found again, the status will be updated to ‘Reopen Status’ instead of ‘To Do’ or ‘In Progress’.

There are only two categories (To Do and In Progress) for the Reopen status in Jira and there is only a single category for the Resolved status (Done). Other categories added afterwards are referred to as aliases, and these values cannot be used for integration with Invicti Enterprise. Please pay attention to the category definitions when defining your Workflow.

How to add custom fields

For information on creating a new custom field in Jira, first read Adding a custom field.
For the purposes of this example, we have selected Text Field. For other field types, see How to Add Complex Custom Fields.

  1. Open your project in Jira.
  2. From the gears icon drop-down (), select Issues.
  3. In the Fields category, select Custom Fields.

Alternatively, you can navigate to YOURSUBDOMAIN.atlassian.net/secure/admin/ViewCustomFields.jspa

  1. Select Create Custom Field (top right). The Select a Field Type dialog is displayed.
  2. Scroll down and select Paragraph (supports rich text) or Short text (plain text only).
  3. Select Next. The Configure ‘Short text (plain text only)’ Field step is displayed.

  1. In the Name field, enter a name. Select Create.
  2. In the Associate field New Field to screens field, select the screens you want to display the custom field.
  3. Before selecting Update, check the URL for the fieldId.

  1. Copy the value of the fieldId‘s parameter in the URL (in this example, it is ‘customfield_100XX’).
  2. In Invicti, navigate to the New Jira Integration or Update Jira Integration window. Configure your Jira integration. Then paste the fieldId‘s value (e.g. ‘customfield_100XX’) you copied from Jira into the Name field in the Custom Fields section.

  • Select Create Sample Issue to confirm that Invicti Enterprise can connect to the configured system. An issue is displayed like this, under MYCUSTOMFIELD, to confirm that the sample issue has been successfully created.

How to Add Complex Custom Fields

For information on creating a new custom field in Jira, first read Adding a custom field.

For the purposes of this example, we have selected Date Picker, but the steps are the same for other field types.

  1. Open your project in Jira.
  2. At the Select a field type step, select Date Picker as your complex custom field.

  1. Select Next. In the Name field, enter ‘DATEPICKERTEST‘,and select Create.

  1. Select screens according to your Jira settings.

    • If you want to change an existing field, in the Custom fields section, enter the custom field’s name into the Search box, to find the newly-created complex custom field. Search results are displayed.

  1. Select the context menu, then Associate to Screens.

  1. From the Issues list, select the screens you want to display the field.

  1. Check the current url for the fieldId.
  2. Copy the value of the fieldId‘s parameter in the URL (in this example, ‘customfield_10031’).
  3. This value will be used later in the Custom Fields’ Name field.

  1. To get the Date Picker and other types values, see Setting custom field data for other field types.

  1. In Invicti, in New Jira Integration or Update Jira Integration window, scroll down to the Custom Fields section and complete the following fields (examples shown):
    • Name: ‘customfield_100XX’ (replace with your custom field value)
    • Value: “2011-10-03” (value must be in “XXX” format)
    • Complex: Checked

  1. Select Create Sample Issue to confirm that Invicti Enterprise can connect to the configured system. A confirmation message is displayed to confirm that the sample issue has been successfully created.

  1. In the confirmationmessage, select the Issue number link to open the issue in your default browser.
  2. If the Jira integration is not configured correctly, Invicti Enterprise will correctly route descriptive error messages to you.
  3. In Jira, in the Invicti Enterprise [Test Issue] window, you’ll see the DATEPICKERTEST value.

  1. Enable the Complex field checkbox.

Otherwise you’ll encounter the following error.

This is what the issue looks like in Jira when the Detailed template is selected. Content that has more than 32767 characters is truncated.

Adding custom labels

To add custom labels to your Jira account and synchronize these labels with Invicti Enterprise, follow these steps:

Step 1: How to add custom labels in Jira
  1. Open your project in Jira.
  2. From the gears icon drop-down (), select Issues.
  3. In the Fields category, select Custom Fields.
  4. Select Create Custom Field (top right).
  5. Select Labels, then Next.

  1. From the Configure ‘Labels’ Field, add a name and description.
  2. Select Create.

This enables you to add custom labels to your Jira account.

Step 2: How to add custom labels in Invicti Enterprise.
  1. Log in to Invicti Enterprise.
  2. From the main menu, select Integrations > New Integration. (To edit your Jira integration, select Manage Integrations, instead.)
  3. Complete the remainder of the fields, as described in How to integrate Invicti Enterprise with Jira.
  4. From the Custom Fields section, select New Custom Field.
  5. Add Name and Value for your custom fields. (To add multiple values, separate them with a space as shown in the following image.)

  1. Select the Complex check box.
  2. Select Save.

On completing these steps, you can synchronize your custom labels between Jira and Invicti Enterprise.

Not found what you're looking for?

Open a ticket and our technical support team will assist you quickly.

Open a ticket This will redirect you to the ticketing system.