JFrog Xray Integration for Jira

JFrog Xray is the universal software composition analysis (SCA) solution that enables DevSecOps teams to proactively identify open source vulnerabilities and license compliance violations before they manifest in production.

Atlassian Jira is the issue tracking and project management used by agile development teams to track bugs, stories, epics, and other tasks.

Xray’s built-in integration with Jira enables automated creation of Jira issue tickets from the results of Xray deep security scanning of packages, builds, and release bundles in Artifactory. 

Once configured, every time Xray discovers a known security vulnerability or license policy violation, it will request a Jira project to create a new issue ticket for that threat. This helps notify developer, security, and quality assurance teams of new threats, and empowers those teams to prioritize and resolve them. 

Getting these security notifications in a Jira project makes it easier and more convenient for agile teams to track these threats along with other bugs in the industry-standard issue-ticketing tool they use every day.

Through Jira, teams can quickly assess, prioritize and address Xray-detected security and compliance issues, minimizing their potential impact and helping to ensure your organization is releasing software that’s safe and compliant.

This feature can be used in conjunction with the JFrog Artifactory App for Jira to also link Xray-created issue tickets to the builds where they are resolved.

Benefits of Integration

• Automate issue ticketing of Xray-identified vulnerabilities and violations to a Jira project
• Use Xray rules and policies to limit ticket creation
• Integrate threat reporting and resolution into existing project issue management
• JFrog security research adds to comprehensive threat information in ticket
• No add-on or plugin required
• Secure connection with authentication