Snyk Security in Jira Cloud Integration
Snyk Security in Jira Cloud is available for all Snyk and Jira plans, including Free versions. This page has instructions for activating the feature; see the prerequisites.
Snyk Security in Jira Cloud is available for Jira Cloud only. Jira Server and Jira Data Center are not supported.
Snyk Security in Jira Cloud helps developers identify, prioritize, and triage security vulnerabilities related to their code repositories directly from the Jira interface.
The Snyk Security in Jira Cloud integration mirrors your Snyk scan results from the Snyk platform to Jira. You can view Snyk results in your native Jira environment and create Jira issues for your results as needed. You can see which Snyk Organizations are connected and which Snyk Targets are associated with your Jira projects.
Snyk Security in Jira Cloud is a Jira app.
To install and configure the Jira app, you must be a Jira Cloud administrator in the site-admins, administrators, or jira-administrators group. Contact your IT team to support your effort in installing the Snyk Security in Jira Cloud app.
To activate Security in Jira Cloud in Jira, navigate to Project Settings > Features > Development > Security and toggle Security ON.
Ensure that the project is not of type Classic. If you are unable to find Features in your project settings, this may be because the project type is Classic. In this case, the project must be rebuilt or migrated to a newer version.
Ensure you have the following permission scopes in Jira, which are required for the integration to operate.
- 1. In Jira, navigate to Apps > Find new apps.
- 2. Search for Snyk Security in Jira Cloud.
- 3. Click the app and then select Get it now.
- 4. Review the information about the app, and select Get it now.
- 5. Follow the instructions to install the app.
- 1. Go to Apps > Manage apps.
- 2. In the left menu, select Snyk Security in Jira.
- 4. In Snyk, select Grant access to allow Snyk to read your Jira Software account information.
- 5. Select the specific Snyk Organizations to connect to your Jira site, and select Grant app access.
When you have completed the following steps to connect Snyk to Jira, you can start triaging security issues in Jira.
Typically, research and development engineering managers do this task because they own the Jira projects and know their team's code repositories.
- 2. Select the Add connection plus sign button for Snyk.
- 3. Choose the container code repository from the list and select Add container. This is a Snyk Target. You can connect more than one code repository to Jira.
Only security vulnerabilities will be shown on the Jira Security tab.
After installing and configuring the Snyk Security in Jira Cloud app, you can view vulnerabilities on the security tab on the Jira project page.
Snyk Security in Jira Cloud tab
To find vulnerabilities, navigate to the Vulnerabilities section. Snyk shows the severity, status, and identifiers. Click the title to see the details in Snyk Web UI.
Use the search bar and filters in the Vulnerabilities section to customize the list of vulnerabilities to show those relevant to your Organization.
Ignored and closed vulnerabilities are not shown in the Vulnerabilities section by default, but you can view them using the Vuln. status filter.
Select the title of a column in the table to sort all vulnerabilities by that attribute.
When triaging issues, you can add a Jira issue to the sprint or backlog to ensure the required work for resolving the vulnerability is planned and tracked.
Snyk provides vulnerability information to Jira, enabling users to have comprehensive data for resolving issues.
To add a Jira issue, navigate to the Snyk Security tab, find a vulnerability, and click Create issue.
Jira issue created from a vulnerability found by Snyk
If the vulnerability already has a Jira issue, you can link the vulnerability to the existing Jira issue by clicking the three dots in the Actions column and selecting Link issue.
Uninstalling Snyk Security in Jira Cloud will disconnect Snyk vulnerabilities from their associated Jira issues. To uninstall a Jira app, you must be an administrator in the site-admins, administrators, or jira-administrators groups.
- 1. In Jira, navigate to Apps in the main menu and select Manage your apps.
- 2. Select Snyk Security in Jira.
- 3. Click the Uninstall button.
Snyk sends all your security issues to Jira. However, each Jira project currently shows only up to 1,000 vulnerabilities on the Security tab UI across all your Snyk Projects added to Jira. This is due to a Security Tab issue that is known and being addressed by the owner, Atlassian. Atlassian plans to resolve this issue by the end of Q3 2023.