seccubus icon indicating copy to clipboard operation
seccubus copied to clipboard

Published 20 hours ago verified publisher icon seccubus

Jira

Open BNYBLN030 opened this issue 7 years ago • 5 comments

How Is the correct way to Connect jira with seccubus? The documentation Is very Slim ...:(

BNYBLN030 avatar Sep 13 '17 13:09 BNYBLN030

The only JIRA integration we currently have is that you can make turn the external reference for an issue clickable.

To do this find this section in you config:

	<tickets>
		<url_head>https://jira.atlassian.com/browse/</url_head>
		<url_tail></url_tail>
	</tickets>

This will turn external reference test-1 into a clickable link to https://jira.atlassian.com/browse/test-1

MrSeccubus avatar Sep 13 '17 14:09 MrSeccubus

@seccubus okay i unterstand, that means that no Data/findings Push automaticly to jira ??

BNYBLN030 avatar Sep 13 '17 15:09 BNYBLN030

It's high on my list of things I want to do, but I have limited development capacity. Would be great if somebody could help.

MrSeccubus avatar Sep 13 '17 16:09 MrSeccubus

ok, I'll add it. How's this sound:

  1. I'll start with expanding the tickets with the option for an API-key to interface with jira. My suggestion would be to create a config option <ticket_type>JIRA</ticket_type> and <api_key> config options. This way other ticket API interfaces could be made at a later point.

  2. I'll then add the ability, in the gui, create an automatic ticket of the selected (one or more) issues. This will include checking if there's already a valid external reference ticket. If a ticket already exists, it will not do anything.

  3. I'll add the ability to, once a scan is finished, to automatically create a jira link for findings above a certain level <min_ticket_level> or something similar. This will include checking if the finding already has an external reference or not.

  4. everything else.

or 2 and 3 reversed..whichever feels easier at that point :)

Obviously doing this in my spare time, so might take a while, be patient.

Ar0xA avatar Nov 20 '17 18:11 Ar0xA

  1. I'll start with expanding the tickets with the option for an API-key to interface with jira. My suggestion would be to create a config option <ticket_type>JIRA</ticket_type> and <api_key> config options. This way other ticket API interfaces could be made at a later point.

Yes, makes sense...

  1. I'll then add the ability, in the gui, create an automatic ticket of the selected (one or more) issues. This will include checking if there's already a valid external reference ticket. If a ticket already exists, it will not do anything.

Since I already have the issue feature in the gui, why not create a 1-on-1 link between issues and tickets? That seems much more straight forward.

  1. I'll add the ability to, once a scan is finished to automatically create a jira link for findings above a certain level <min_ticket_level> or something similar.

Lets work on the first two first. I have a framework in mind for auto creation/updating of stuff.

In our setup the project is different for each of the workspaces. So I would suggest that you also expand the workspace object to include a JIRA/Ticket project.

Frank

MrSeccubus avatar Dec 08 '17 07:12 MrSeccubus