Xray Policies and Watches must be configured for the JFrog Security in Jira application to automate monitoring and management of software artifacts for vulnerabilities and security violations. Check our resources page for more info.
Within JFrog Security in Jira, a Workspace is a Policy that is attached to a Watch. Each selected Workspace contains resources, which are equivalent to containers. Any violations related to these Policies will appear under the Security tab. Once the Workspaces have been added, map the containers in the project to see the related violations on the Project Page.
To add workspaces:
Navigate to the "Workspaces" page in the menu.
Click on "Add Workspace."
In the "Add Workspaces" pop-up, select the Policies that are attached to a Watch from the list of available Watches.
Click "Save" once finished selecting the desired workspaces.
All selected workspaces will appear in the "Your workspaces" table.
After completing the Workspaces process, go to the "Security" tab of your project and verify that the "Configure your security tools" step is marked as completed.
Map the Containers to Your Jira Project
Click on "Link security containers".
Under "JFrog Security in Jira", click on "+ Add security container or "+".
An "Add container" pop-up will appear.
In the left dropdown, select the desired workspace.
In the right dropdown, select all the resources from that workspace.
Click "Add container" to add the resources to your Jira project.
Perform operations on the added resources, by clicking on the "..." icon linked to the resource:
"Open in JFrog Xray" will open JFrog's Xray Platform, where you can view detailed information about the selected resource.
"Open in Security" will take you to Jira Security, where you can review specific details about vulnerabilities associated with the selected resource.
"Remove connection" will remove the resource from your current setup.
In the Security tab, create a Jira ticket using "Create issue" in the Vulnerabilities table.