ShiftLeft plugin for Jira

The following instructions will walk you through installing the ShiftLeft Plugin for Jira.

Prerequisites

You must have administrative privileges for ShiftLeft and Jira to set up the integration.

The ShiftLeft Plugin for Jira currently supports a maximum of 1000 users.

Step 1: Add the ShiftLeft plugin to your Jira account

  1. Log into your Jira instance with an administrator account. Using the navigation bar in the header, go to Apps > Explore more apps.

  2. Use the search bar to search for ShiftLeft and open up the ShiftLeft app.

  3. Click Get app. In the Add to Jira window that opens, click Get it now.

  4. Jira will let you know when the installation is successful. At this point, you will find ShiftLeft listed whenever you navigate to Apps > Manage your apps.

Step 2: Create the integration token

You will need to create an integration token whose value you will provide to Jira later.

  1. Log into the ShiftLeft Dashboard and go to Integrations. Click the plus (+) sign, and when prompted:

    • Provide a label (or unique name) for the token
    • Provide a token description (optional)
    • Choose a role (select Jira Plugin)
    • Provide a TTL value that sets the length of time for which the token will be valid (optional)
  2. Click Create Token to proceed.

You'll be shown your token and your OrgID, which you'll provide during the plugin configuration process. You can only view your token once, so please be sure to save its value before closing out of the dialog window.

Step 3: Configure your issue types (team-managed projects only)

If you're using a team-managed Jira project, you'll need to complete the following steps (otherwise, proceed to Step 4).

  1. Return to Jira and open up your project.

  2. Using the left-hand navigation bar, go to Project Settings > Apps > App fields. Click the toggle to enable ShiftLeft Jira Cloud.

  3. In the left-hand navigation bar, select Issue types. This redirects you to the Task configuration screen.

  4. Using the options available in the bottom-right, drag and drop SL Findings Detail and SL Finding ID to the center of the page where it says Context Fields.

    If you want the Jira plugin to create Bugs, Epics, or Subtasks, you will need to repeat the process of adding SL Findings Detail and SL Finding ID to the config for each issue type.

  5. When done, click Save Changes at the bottom of the screen.

Step 4: Configure your plugin

  1. In your project, go to Project Settings > Apps > SL Project Configuration.

  2. Paste in your ShiftLeft Jira Integration Token and ShiftLeft OrgId values, and click Save Token.

  3. Once you've successfully linked your plugin with your ShiftLeft account, you'll see a ShiftLeft Issue Default config section. This allows you to map ShiftLeft findings to Jira types.

  4. For example, for each Critical finding that you send over, you might want it to create a Task. If you've marked something as Fixed, you might want it to show as Done in Jira.

  5. The complete list of options available to you is as follows:

    • ShiftLeft Projects: The specific projects in ShiftLeft whose identified vulnerabilities you want to be imported to Jira
    • Critical - Issue: The Issue Type (e.g., task, sub-task, bug) you want to be created for vulnerabilities that are flagged as critical in severity
    • High - Issue: The Issue Type (e.g., task, sub-task, bug) you want to be created for vulnerabilities that are flagged as high in severity
    • Medium - Issue: The Issue Type (e.g., task, sub-task, bug) you want to be created for vulnerabilities that are flagged as medium in severity
    • Low - Issue: The Issue Type (e.g., task, sub-task, bug) you want to be created for vulnerabilities that are flagged as low in severity
    • Fixed Workflow Action: The status you want to be assigned to the Jira issue for the vulnerability when you mark it as Fixed in the ShiftLeft Dashboard
    • Ignored Workflow Action: The status you want to be assigned to the Jira issue for the vulnerability when you mark it as Ignored in the ShiftLeft Dashboard
    • Default Assignee: The name to auto-assign to the newly-created issues
    • Reporter: The name to attach to the issues as the reporter (we recommend creating a user specifically for this purpose so that you can quickly identify all issues created by the plugin)
    • JIRA Contact Email (a shiftleft user that manages jira): The ShiftLeft user that's managing the Jira plugin
    • Maximum bulk JIRA issue creation (0 is unlimited): The maximum number of Jira issues that a user can create at once (set to zero to make this value unlimited)
  6. Make the changes you want, then click Save Defaults to persist them.

Step 5: Send issues to Jira

At this point, you can create Jira tasks for the findings identified in ShiftLeft.

  1. Select a finding and click Details to launch its detailed view in the Dashboard.

  2. Then, click Assign to Jira.


Step 6: Navigating between Jira and ShiftLeft

Once you've successfully created an issue, you'll see the newly created finding on your Jira task board.

When you open the Jira ticket, you'll see that the description has been populated with the same information shown in ShiftLeft. You'll also see a link under ShiftLeft Finding Info that lets you return to the ShiftLeft Dashboard.
