django-DefectDojo icon indicating copy to clipboard operation
django-DefectDojo copied to clipboard
verified publisher icon DefectDojo

When closing a linked Jira with comment added, the comment is not added to the Notes on Defect Dojo

Open jeremychoi opened this issue 2 years ago • 3 comments

Bug description

Where a Jira issue is linked to a Defect Dojo finding, when closing the linked Jira, the accompanying comment does NOT appear on the notes section of the Defect Dojo finding. Only the status of the finding is changed without the comment added.

Steps to reproduce Steps to reproduce the behavior:

  1. Create a Jira issue from a Defect Dojo finding
  2. Close the linked Jira, while adding 'comment'
  3. Check the 'notes' section of the Defect Dojo finding to see if the comment has been added.

Expected behavior The Jira comment should be added to the 'notes' of the Defect Dojo finding.

Deployment method (select with an X)

  • [ ] Docker Compose
  • [X] Kubernetes
  • [ ] GoDojo

Environment information

  • Operating System: Debian (the official DeDo image)
  • DefectDojo version (see footer) or commit message: v. 2.27.4

Logs To be provided when requested. Pls let me know what to look for from the log files.

jeremychoi avatar Dec 15 '23 04:12 jeremychoi

In version 2.31.4 have this problem too

apxitekt0r avatar Feb 29 '24 23:02 apxitekt0r

Issue still exists in latest version : 2.46.4, created a new issue here : https://github.com/DefectDojo/django-DefectDojo/issues/12625

mahesh-ppro avatar Jun 18 '25 11:06 mahesh-ppro

In the docs are some troubleshooting steps. Could you let us know what you find out? https://docs.defectdojo.com/en/share_your_findings/troubleshooting_jira/#changes-made-to-jira-issues-are-not-updating-findings-in-defectdojo

valentijnscholten avatar Jun 18 '25 12:06 valentijnscholten

Hello @valentijnscholten We are still having this issue. Here is the summary:

  • Integration with Jira has been verified.
  • When we add a finding, new jira ticket is successfully created and we are able to see the jira ticket on DD.
  • When we add note in DD, it is reflected in Jira as comments.
  • but the other way isn't working meaning when we add the comment in Jira it is not getting reflected in DD as a note.
  • Also when we close the Jira it is not updated in DD

Could you guide us here

mshekhar-ppro avatar Sep 18 '25 07:09 mshekhar-ppro

We'll try to take a look soon. Contributions are welcome!

valentijnscholten avatar Sep 19 '25 18:09 valentijnscholten

I have looked at the code and comments added during issues updates should be parsed and stored on the Finding in Defect Dojo. I compared the example webhook json body we have and it still matches the documentation of Atlassian. I've added a test case to assert that the comment is found, parsed and stored and this test passes: https://github.com/DefectDojo/django-DefectDojo/pull/13232

These are based on the templates from JIRA Server / Datacenter. The JIRA Cloud docs do no provide any info on how comments are present in the webhook body of an issue update vent: https://developer.atlassian.com/cloud/jira/platform/webhooks/

I vaguely remember that some versions of JIRA or the JIRA Cloud did not include comments and was sending these as separate events (or not at all).

Could someone capture the webhook bodies sent by JIRA and share them here? A helpful tool could be https://webhook.site/ to capture these requests.

When rereading all of the above it's not 100% clear if the problem is that the Finding is closed in Defect Dojo but the comment is missing, or if the Finding is also not closed in Defect Dojo which would mean the webhook code is not triggered at all. I've updated the title of this issue as it seems to be more about generic incoming webhook issues.

Please confirm first that notes added in JIRA are added to Defect Dojo Findings before testing the "Close issue in JIRA with comment" flow.

valentijnscholten avatar Sep 21 '25 08:09 valentijnscholten