How to Integrate with Edgescan:
The edgescan plugin for Jira Cloud provides a means to link edgescan assets to Jira projects. It can be configured to retrieve vulnerability data from the edgescan API, open a Jira issue for each new vulnerability, and automatically transition issues when the linked vulnerability is closed.
This documentation assumes familiarity with the concepts and configuration used by both edgescan and Jira.
Installing the plugin
- The plugin can be installed by clicking
Get it now. Select the site to install the app. Click
- When brought to another page click
Get it nowagain.
Authorising the Plugin
The host Jira instance must be authorised to access edgescan using an API token (See the edgescan user documentation for details on how to generate an API token).
- Once installed a pop-up will appear in the bottom left corner of the page. Select
Configure. Alternatively, go to
Apps -> Manage your appsand you can configure the app there.
- Enter the API token into the resulting field and click
Save, and a message will be displayed indicating whether authorisation was successful.
To configure a link between a Jira project and one or more edgescan assets:
- Navigate to the project link configuration page at:
Project Settings -> Apps -> Link to edgescanand select
Editnear the bottom of the page.
The following configuration options are available:
- Linked Assets – The edgescan assets you wish to link to this project. You must select at least one
- Risk Mapping – Each edgescan risk rating may be mapped to a Jira priority. Issues created from a vulnerability with a particular risk rating will have the mapped priority. If a risk rating is set to
Ignore, no issues will be created for vulnerabilities of that risk.
- Create Issue with Type – Issues created by the app will have this type.
- Add to Epic (Optional) – Issues will be added to the specified epic on creation.
- Add to Task – Issues created with type
Subtaskwill be added to the specified task on creation. This option only appears if issues are created with type
- Assign to (Optional) – Issues will be assigned to the specified user on creation.
- Status on Create – Issues will be transitioned to this status on creation.
- Status on Close – Issues will be transitioned to this status when the linked vulnerability is closed. For the plugin to operate correctly ensure that there is always a transition to this status available.
Syncing is the process of opening/transitioning issues based on the latest vulnerability data from edgescan. When a sync is performed, the app retrieves vulnerability data from edgescan. An issue will be opened for each new vulnerability, and if a vulnerability has been closed the linked issue will be transitioned to the configured
Status on close.
Syncing can be performed automatically or manually:
Automatic Syncis disabled by default, and can be enabled by clicking the
Enable Auto-Syncbutton on the project link configuration page. When enabled a sync will be performed automatically every 5 minutes.
Manual Syncis only available if
Auto-Syncis disabled. You can trigger a sync by clicking the
Sync Nowbutton on the project link configuration page.
Issues created by the plugin will have the type, priority, and status configured in the project link.
Issues will be added to an epic and/or assigned to a user if configured to do so.
The title is in the following format:
<vulnerability_name> @ <location>
The description will list the details of the vulnerability, and provide a link to the vulnerability in the edgescan portal.
Important Points about Syncing
The first sync performed on a project may take a long time (depending on the number of issues it has to create). Similarly if the project link configuration is edited, the next sync performed will be more thorough than the usual sync in order to ensure consistency between Jira and edgescan. Therefore, please allow 15 minutes for the first sync, and for subsequent configuration changes to take effect.
The effect of changing each configuration option is as follows:
- If an asset associated with a link is deselected, any issues linked to vulnerabilities on that asset will be deleted.
- If the priority mapping for a risk is changed to
Ignore, any issues linked to vulnerabilities of that risk rating will be deleted.
- If the priority mapping for a risk is changed, any issues linked to vulnerabilities of that risk rating will be updated to the correct priority.
- If the
Create with typesetting is changed, all issues will be updated to the correct type.
- If the
Add to Epic,
Add to Task, or
Assign tosettings are changed, existing issues will be unchanged. These changes will apply only to issues created in the future.
- If the
Status on createor
Status on closesettings are changed, the status of already existing issues will be unchanged. These changes will apply only to issues created in the future.