Skip to content
NightVision Docs

JIRA

Description

Section titled “Description”

This repository contains scripts and configurations to interact with Jira and manage project vulnerabilities using NightVision SARIF reports.

Jira Integration Repository

Preview: Example Results

Section titled “Preview: Example Results”

NightVision explains how the vulnerability was exploited, why it matters, and where to fix it. NightVision explains how the vulnerability was exploited, why it matters, and where to fix it.

Prerequisites

Section titled “Prerequisites”
  • Python 3.x
  • Jira account and API token
  • NightVision account

Setup

Section titled “Setup”

  1. Clone the repository:

    Terminal window
    git clone https://github.com/nvsecurity/jira-issue-from-sarif.git
    cd jira-issue-from-sarif

  2. Install required packages:

    Terminal window
    pip install argparse jira

  3. Set environment variables (or pass these arguments directly to the scripts):

    Terminal window
    export JIRA_URL='your_jira_url'
    export JIRA_USER_EMAIL='your_jira_user_email@example.com'
    export JIRA_API_TOKEN='your_jira_api_token'   # see Create Jira API Token below
    

    export JIRA_PROJECT_ID='your_jira_project_id' # see Find Jira Project ID below
    export JIRA_ISSUE_TYPE='your_jira_issue_type' # optional, defaults to 'Task'
    export JIRA_COMPONENT='your_jira_component'   # optional

Usage

Section titled “Usage”

Create Jira API Token

Section titled “Create Jira API Token”
  1. Go to Jira API tokens.
  2. Create a new API token and copy it.

Find Jira Project ID

Section titled “Find Jira Project ID”

  1. Run the following command to get Jira project IDs:

    Terminal window
    python get-jira-project-id.py

    Usage:

    usage: python get-jira-project-id.py [-h] --url URL --email EMAIL --token TOKEN
    

    Create Jira tickets from SARIF report.
    

    optional arguments:
    -h, --help     show this help message and exit
    

    Jira server credentials:
    --url URL      Jira server URL (JIRA_URL environment variable)
    --email EMAIL  Jira user email (JIRA_USER_EMAIL environment variable)
    --token TOKEN  Jira API token (JIRA_API_TOKEN environment variable)

  2. Select the Jira Project ID you need. Example output:

    Projects Available: 2
    

    1
    Project ID: 10001
    Name      : NightVision
    Key       : NV
    

    2
    Project ID: 10004
    Name      : NV Sales
    Key       : NS

Create Tickets from SARIF

Section titled “Create Tickets from SARIF”

  1. Export NightVision SARIF report for a specific scan:

    Terminal window
    nightvision export sarif -s "your_scan_id" --swagger-file "./your/swagger/file/path.yaml"

    This should create a results.sarif file in your current directory.

  2. Create Jira tickets from the SARIF report:

    Terminal window
    python sarif-to-jira.py -p "your_project_id"

    Usage:

    usage: python sarif-to-jira.py [-h] --url URL --email EMAIL --token TOKEN -p PROJECT-ID -i TYPE -c COMPONENT
    

    Create Jira tickets from SARIF report.
    

    optional arguments:
    -h, --help            show this help message and exit
    

    Jira server credentials:
    --url URL             Jira server URL (JIRA_URL environment variable)
    --email EMAIL         Jira user email (JIRA_USER_EMAIL environment variable)
    --token TOKEN         Jira API token (JIRA_API_TOKEN environment variable)
    

    Issue properties:
    -p PROJECT-ID, --project-id PROJECT-ID
                            Jira Project ID (JIRA_PROJECT_ID environment variable)
    -i TYPE, --issue-type TYPE
                            Issue type - defaults to 'Task' (JIRA_ISSUE_TYPE environment variable)
    -c COMPONENT, --component COMPONENT
                            Issue component (JIRA_COMPONENT environment variable)