JFrog Xray is the universal software composition analysis (SCA) solution that enables DevSecOps teams to proactively identify open source vulnerabilities and license compliance violations before they manifest in production.
Atlassian Jira is the issue tracking and project management tool used by agile development teams to track bugs, stories, epics, and other tasks.
Xray’s built-in integration with Jira enables automated creation of Jira issue tickets from the results of Xray deep security scanning of packages, builds, and release bundles in Artifactory.
Once configured, every time Xray discovers a known security vulnerability or license policy violation, it will request that a Jira project create a new issue ticket for that threat. This helps notify developer, security, and quality assurance teams of new threats, and empowers those teams to prioritize and resolve them.
Getting these security notifications in a Jira project makes it easier and more convenient for agile teams to track these threats along with other bugs in the industry-standard issue-ticketing tool they use every day.
Through Jira, teams can quickly assess, prioritize and address Xray-detected security and compliance issues, minimizing their potential impact and helping to ensure your organization is releasing software that’s safe and compliant.
This feature can be used in conjunction with the JFrog Artifactory App for Jira to also link Xray-created issue tickets to the builds where they are resolved.
Benefits of Integration
- Automate issue ticketing of Xray-identified vulnerabilities and violations to a Jira project
- Use Xray rules and policies to limit ticket creation
- Integrate threat reporting and resolution into existing project issue management
- JFrog security research adds to the comprehensive threat information in each ticket
- No add-on or plugin required
- Secure connection with authentication
Jira issue tickets automatically created by Xray include comprehensive information about the impacted components, descriptions of the vulnerability, and enhanced information from JFrog security research. Xray can be configured to also include Jira project custom tag labels and custom mapping.
Xray also adds a link to the newly created Jira issue in the details of the violation record, providing ready access to the Jira ticket through the Xray violations report.
- Developers – Provides immediate notification of Xray-discovered security threats in a way that’s integrated into the established project management workflow.
- SecOps – Helps security teams notify others of, and track, all violations found by Xray.
- Quality Assurance – QA teams can monitor the impact of threats, and track time to resolution.