You can set up STO to create Jira tickets for issues detected by STO scans. This topic describes how to set up this integration.
This integration has a separate setup path that is unrelated to other Jira-related integrations in Harness pipelines. To open Jira tickets for security findings in STO, you must set up the integration as documented below. You cannot use other Jira workflows to create Jira tickets in STO. For example, you cannot integrate Jira with STO using Custom steps with Jira Create or other related steps.
Set up the STO/Jira integration
Create an API key for your Jira account. For more information, go to Manage API tokens for your Atlassian account in the Atlassian documentation.
Create a Jira connector as described in Connect to Jira. Note the following:
- Create your connector at the Account level.
- Create a text secret for your Atlassian API key. You must use the Harness Secret Manager to store this key. Don't use an external secret store, such as Vault.
Go to Account Settings > External Tickets and select the following:
The Jira connector you just created.
The default Jira project where you want to create your tickets. (You can select a different project when you create a ticket.)
Create a Jira ticket from an STO issue
You can only create Jira tickets for targets that have baselines specified. For more information, go to Targets, baselines, and variants in STO.
Go to the Pipeline Execution > Security Tests page with the detected issue.
Click on the issue to select it. Then click Create Ticket.
In Create Ticket in Jira, set the options as follows:
Scope Create a ticket for all occurrences of the issue in the current target (This target), or create a ticket for all occurrences of the issue across all targets in the project (This project).
Jira Project The Jira project for the ticket. The drop-down includes all Jira projects available via the Jira Connector.
Issue Type The Jira issue type for this ticket.
Title The Jira issue title.
Notes Any notes you want to add to the ticket.
Click Create. The Jira connector sends the request to the Jira API and Jira creates the ticket.
The following happens when you create a Jira ticket:
The Issue Details pane replaces the Create Ticket button with the Jira issue number and status.
The Jira issue includes a link back to the detected issue in the STO UI.
The Jira link points back to a Ticket Summary that shows all detected issues tracked by the ticket.