Snyk <3 Jira

Anna Debenham

Over the past few months, we’ve been working closely with customers who use Snyk alongside various issue trackers as a way of managing their vulnerability remediation process.

The most popular ask has been an integration with Jira so that a Snyk vulnerability or license issue’s progress can be tracked, from disclosure, to assignment to the relevant person, and finally to remediation. We wanted to help speed up that workflow, and make raising a Jira issue as quick and easy as possible.

With help from our design partners, we put together a plan to build an integration that would allow the creation of Jira issues either via an API, or directly from a Snyk project’s test report. Relevant details about the vulnerability and project would be included in the issue, so those who are assigned to remediate it have all the information they need to hand.

Today we have launched this Jira integration for all our Pro and Enterprise plan customers.

Create Jira issues via our API

Our Projects API now makes it possible to create Jira issues for any of your Snyk project’s vulnerabilities or license issues.

Create Jira issues via our UI

You can set up the integration from the integrations page in your organisation settings area. Once you’re connected, you’ll be able to create issues directly from your Snyk project’s test report page. Just as you can trigger a fix or an ignore from an issue card in Snyk, you can now create a Jira issue in the same way.

You can do this for both license issues and vulnerabilities. We’ll copy across the details into the relevant fields.

As avid users of Jira ourselves, we know that no two Jira projects are the same, so we’ve done our best to make this process as flexible as possible. All your project’s required fields will be displayed, and you’ll be able to choose which project to assign that Snyk issue to, as some of our customers like to assign different issues to different projects.

A lot of the customers we talked with have internal SLAs that they want to maintain. By default, we will base the Jira issue priority on the severity level of the Snyk issue, but you can override this on a case-by-case basis.

Once you’ve created your Jira issue, the Jira key with a link will display on the issue card so you can easily refer back to it.

You can also see which Jira issues have been created from the Issues view in your reports.

For more information, you can follow our documentation.

More to come…

But we’re not finished. From talking with our customers, we know that some want automatic issue creation, while others prefer to trigger issue creation manually.

So while we respond to your feedback on the manual process we’ve just built, we’re also working on the second phase of our Jira integration, which will give you the ability to set up automatic Jira issue creation. Of course, we will still allow you to open issues manually if that suits your workflow better.

We’re also planning on integrating with other issue trackers as part of this phase, so stay tuned for more!
