Creating effective and manageable tickets in Jira or any issue-tracking system is crucial for maintaining an efficient workflow, clear communication, and project management.
A few strategies curated by Atlassian for organizing projects are as follows:
Releasable product: Organize your projects by releasable products or groups of work that share a common release cycle.
Team-based: Team-based projects are another common organizational model. This allows your work to mirror your social organization and is convenient in less cross-functional setups, as it allows for more straightforward project permission management.
Business Unit: Closely related to organizing around teams, you might also consider organizing around larger business units - marketing, product, IX, IT, etc. Types of work will likely fall into similar patterns, which makes setting up workflows, and issue types in particular, more convenient.
Components: Be aware that you can still use components to sub-categorize issues within a given project.
We have seen our clients mix these strategies to have a solution that reflects their operational model.
Releasable Product
Your Jira will have a Project representing a “Product”. This project will be used to track all activities for the product.
When creating a releasable product, various teams within the same group will work together to produce the final artifact. For instance, the engineering team will develop the core product while the DevOps team will create artifacts for log shipping, deployment, and other related tasks. Additionally, the database team will provide utilities for initializing and migrating the database.
After scanning the final artifact, you may come across violations that need to be addressed by various teams depending on the impact path. In some cases, different teams may work together to resolve a CVE. For tracking purposes in Jira, you can set the relevant "Components" field on each ticket.
Xray's Jira Integration supports this organizational structure. Set up three profiles for the same Jira Project with different components.
Afterwards, you will configure the relevant Watch as follows. Here, we add two entries in the advanced settings to create a separate ticket whenever a violation affects anything under '**/DevOps/**' and '**/database/**'.
Xray applies settings for each of the violations generated by the Watch. We examine the impact paths affected by the violation. If any of the paths match the specified patterns, a separate ticket is created under the corresponding mapped profile.
If there are no advanced settings or the violation does not have an impact path that matches the pattern, a ticket is created with all violation details under the default profile mapped to the Watch. In the given example, the default profile is "Xray-Security-Core."
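The routing described above, sketched as an added example (not Xray's own code and not part of the original page): each violation's impact paths are tested against the advanced-settings patterns, with fallback to the default profile. The Ant-style glob semantics, the two non-default profile names, the sample impact paths, and the choice to open only the matched-profile tickets when a violation has both matching and non-matching paths are assumptions.

```python
import re

DEFAULT_PROFILE = "Xray-Security-Core"  # default profile named on the page

# Constructed advanced-settings entries: (path pattern, profile name).
# The two non-default profile names are hypothetical.
ADVANCED_SETTINGS = [
    ("**/DevOps/**", "Xray-Security-DevOps"),
    ("**/database/**", "Xray-Security-Database"),
]


def glob_to_regex(pattern):
    """Translate an Ant-style glob (assumed semantics) into a compiled regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?")   # zero or more whole directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")         # anything, including '/'
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")      # anything within one path segment
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")


def route_violation(impact_paths, settings=ADVANCED_SETTINGS):
    """Return the profiles that would receive a ticket for one violation."""
    matched = []
    for pattern, profile in settings:
        rx = glob_to_regex(pattern)
        if any(rx.match(p) for p in impact_paths) and profile not in matched:
            matched.append(profile)
    # No advanced settings, or no impact path matched: fall back to default.
    return matched or [DEFAULT_PROFILE]


if __name__ == "__main__":
    # Constructed impact paths, one list per sample violation.
    for paths in (["repo/app/DevOps/log-shipper/foo.jar"],
                  ["repo/app/core/lib/bar.jar"],
                  ["repo/app/database/migrate/baz.jar", "repo/app/DevOps/deploy/baz.jar"]):
        print(paths, "->", route_violation(paths))
```

Because the patterns are anchored on directory boundaries in this sketch, a path such as `repo/notDevOps/x.jar` falls through to the default profile rather than the DevOps one.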
Team-Based / Business Unit
To organize your work effectively in Jira, you can create separate projects for each team or business unit (BU) in your organization. This way, different teams can collaborate on the same product, but each team will have its own Jira project.
To ensure you receive updates for each specific project, you must create a separate profile for each Jira project. You can then use these profiles in your watches with path-based patterns.
Profile Naming Conventions
Have you noticed the naming conventions we use for profiles? They follow the format of "{{Jira Project}} - {{Issue Type}} - {{What’s this for}}". This format helps Xray users understand the intention of each profile, even if they do not have permission to review the Jira integration in Xray.