Snyk Security in Jira Cloud (beta)

Snyk Security in Jira Cloud helps developers identify, prioritize and triage security vulnerabilities related to their code repositories directly from the Jira interface.

Available plans and compatibility

Plans and pricing

Snyk Security in Jira integration is available for all Snyk and Jira plans, including Free versions.

Supported Jira Software versions

Snyk Security in Jira is available for Jira Cloud only. Jira Server and Jira Data Center are not supported.

Snyk Security in Jira Cloud installation

To install Snyk Security in Jira Cloud from the Atlassian Marketplace and start triaging security issues in Jira, you need to take the following actions:

1. Install Snyk Security in Jira Cloud.

2. Configure the Snyk Security app.

3. Link code repositories to Jira projects.

Requirements

• To install and configure Jira apps, you need to be an administrator in the site-admins, administrators, or jira-administrators groups. Contact your IT team to support your effort in installing the Snyk Security app.

• To connect the Jira app to Snyk, you need to be a Snyk Organization administrator.

Permission scopes in Jira required for the integration

These are the required permission scopes in Jira needed for the integration to operate.

Install Snyk Security

1. In Jira, go to Apps > Find new apps.

2. Search for Snyk Security in Jira Cloud.

3. Click the app and then select Get it now.

4. Review the information about the app, and select Get it now.

5. Follow the instructions to install it.

Configure Snyk Security

1. Go to Apps > Manage apps.

2. In the menu on the left-hand side, select Snyk Security in Jira.

3. Log in to your Snyk account, or sign up for a new Snyk account.

4. Select Grant access to allow Snyk to read your Jira Software account information.

5. Select the specific Snyk organizations to connect to your Jira site, and select Grant app access.

Link code repositories to Jira projects

1. In Jira, go to Project settings > Toolchain and find Snyk in the list of tools (see What is the project toolchain in Jira Software?).

2. Select the Add connection button ➕ for Snyk.

3. Choose the container (code repository) from the list and select Add container.

Developers can now use the security feature to view recent vulnerabilities found in the linked code repositories and start creating Jira issues from them or linking them to existing Jira issues.

Manage security vulnerabilities in Jira

After the app installation, you can view vulnerabilities in the security tab on the Jira project page.

To find vulnerabilities, go to the Vulnerabilities section. Snyk shows the severity, status, and identifiers. Click the title to get the details in Snyk Web UI.

Search, filter and sort vulnerabilities

Use the search bar and filters in the Vulnerabilities section to customize the list of vulnerabilities to those relevant to your organization.

Ignored and closed vulnerabilities are not shown in the Vulnerabilities section by default, but you can view them using the Vuln. status filter.

Select the title of a column in the table to sort all vulnerabilities by that attribute.

Create a Jira issue from a vulnerability

When triaging issues, you can add a Jira issue to the sprint or backlog to ensure the required work for resolving the vulnerability is planned and tracked.

Snyk provides vulnerability information to Jira, enabling users to have comprehensive data for resolving issues.

To add a Jira issue, go to the Snyk Security tab, find a vulnerability, and then click Create issue.

Link an existing Jira issue to a vulnerability

If the vulnerability already has a Jira issue, you can link the existing Jira issue by clicking the horizontal ellipsis icon and selecting Link issue.

Uninstall Snyk Security

1. In Jira, go to Apps in the main menu, then select Manage your apps.

2. Select Snyk Security in Jira.

3. Click the Uninstall button.