-
Notifications
You must be signed in to change notification settings - Fork 112
JIRA Integration
The OWASP Glue Project implements JIRA integration in order to streamline working directly in the tools that developers are using day to day to track their work.
First, to make Glue knows that you want to push issues to JIRA at all, use the format switch.
glue -f jira
Now we need to tell glue where JIRA is and how to connect.
We do this with command line options as follows:
glue -f jira --jira-api-url myjira.atlassian.net --jira-api-context '' --jira-username youruser --jira-password password --jira-project THE_JIRA_PROJECT_YOU_WANT_ISSUES_IN
`JIRA options:`
`--jira-api-url URL Specify the jira rest api endpoint. Eg. jemurai.atlassian.net.`
`--jira-api-context CONTEXT Specify the context (part after the base url if existing) for the rest api endpoint. Defaults to empty.`
`--jira-username USER Specify the user to get to Jira. (To be used for basic authentication - be sure it is HTTPS)`
`--jira-password PASSWORD Specify the password to use to get to Jira.`
`--jira-project PROJECT Specify the jira project to create issues in. If issue looks like APPS-13, this should be APPS.`
The JIRA integration is implemented through two main mechanisms:
- The reporter (lib/glue/reporters/jira_reporter.rb)
- The filter (lib/glue/filters/jira_one_time_filter.rb)
The reporter is what pushes the issue to JIRA. It just processes findings and uses the jira-ruby gem to push them to the JIRA instance.
The filter checks if an issue already exists in JIRA. Foundationally, we want every finding to have a strong fingerprint and this is used to prevent duplicating issues.