Violations Handling and Notifications

JFrog Security User Guide
ft:sourceType
Ftml

Xray provides robust mechanisms for violation handling and notifications to ensure teams are alerted to issues promptly and efficiently. By leveraging Jira integration, webhooks, and emails, Xray ensures that stakeholders are informed and can take corrective actions when violations occur.

1. Jira Integration for Violations Handling

Xray integrates seamlessly with Jira, allowing violations (such as security issues, or non-compliance) to be automatically linked to Jira issues. This integration ensures:

  • Automated Issue Creation: When a violation occurs during a test execution, Xray can automatically create a Jira issue (Bug, Task, or other custom issue types) to track and manage the problem.
  • Issue Updates & Workflows: Violations linked to Jira issues follow Jira’s customizable workflows, enabling teams to manage resolution steps, assign responsibilities, and track progress.
  • Traceability & Reporting: Teams can use Jira dashboards and filters to track unresolved violations and measure compliance over time.

Example: If a test case fails due to a critical defect, Xray can automatically generate a Jira bug with relevant test execution details, logs, and screenshots.

2. Webhooks for Real-Time Notifications

Webhooks in Xray provide a real-time mechanism for external systems or services to react to violations dynamically. By configuring webhooks, teams can:

  • Trigger Custom Actions: Notify CI/CD pipelines, external monitoring tools, or security platforms when a violation occurs.
  • Integrate with Slack/MS Teams: Send instant alerts to development teams via chat applications.
  • Enable Automation & Third-Party Integrations: Connect with ITSM tools, incident response systems, or logging platforms.

Example: A webhook can be set up to notify a security monitoring system whenever a test identifies a security vulnerability, triggering an immediate investigation.

3. Email Notifications for Stakeholder Awareness

Emails provide a direct method of notifying relevant stakeholders about test violations, ensuring visibility across teams. Xray supports:

  • Automated Email Alerts: Configurable notifications sent when violations occur.
  • Customizable Recipients: Notify specific users, groups, or external contacts based on severity.
  • Scheduled Reports: Periodic emails summarizing unresolved violations.

Example: A QA Manager can receive a daily email report listing all failed critical tests, allowing them to take action before the next deployment.