After successfully completing the connection between Jira and Xray, you need to create a Jira Configuration profile. As there are different Jira projects for different teams, the configuration profile enables you to define specific criteria for the issued Jira ticket per Jira project, such as labels and custom mappings defined in the Jira project.
Xray supports the below field types of Jira if you have any other type as a required field, these issue types will not appear in the “Issue Type” list of the profile configuration page
Paragraph (Xray does not support rich text)
As each violation creates a new Jira ticket, you might have multiple Jira tickets for the same violation in different versions of the Build, Release Bundle, or package. You can choose to only have one Jira ticket for the violation, by eliminating duplicate Jira tickets. If unchecked, multiple Jira tickets will be created for the same violation in all Builds, Release Bundles, and Packages.
Xray provides a list of Macros, which you can map to your Custom Fields or Labels of the Jira Project. We would resolve these Macros for a violation and assign appropriate values to the custom fields as part of the ticket creation.Here are the available macros:
JFrog Research Severity
CVSS V2 Vector
CVSS V2 Score
CVSS V3 Vector
CVSS V3 Score
Component License ID
Fix Version Available?
Exposure Fix Cost
Consider you have a Jira Project called “Xray” and would like to configure the “Security” issue type as a profile and create tickets under it for any violations. Here are the steps you would follow:
The issue type “Security” is configured as below.
Note the custom field “Severity” added to the context fields. “Severity” has the below configuration.
Now, while creating the profile, you select “Xray” as the project type and “Security” as the issue type. Xray automatically lists all the required mandatory fields; in this case, you can see “Severity” listed here.
In “Severity”, you will see two types of options to select: “Dynamic Value” and “Static Value.” These are the options to select an Xray Macro or one of the options you have set in the Jira Custom Field Configurations. Xray displays the most suitable macros based on your custom field configuration.
Assign the Xray macro “Severity” to the Jira custom field; as soon you do this, you will see a popup prompting you to provide a default value. When you map a macro to a mandatory custom field, we need a default value, which we will use while creating the ticket. For example, when a CVE is reported, there may not be a Severity in this case. What would you want to see in the Jira ticket?
You may also want to add a “Label” when Xray creates a ticket. Label is an optional field during ticket generation, you must add that to the profile before editing it. Click “Add Optional Fields” and add Labels to the profile page.
You could select one of the Xray Macros or type in a static text or both. Note that white spaces are not allowed in Jira Labels, these will be replaced by _ (underscores) in the Jira ticket.
To validate your configurations, try “Creating a test ticket.”
Save your profile.