Jira Plugin for ShiftLeft

The following instructions will walk you through the process of installing the ShiftLeft Plugin for Jira.

Please note that:

  • You must have administrative privileges for both ShiftLeft and Jira to set up the integration.
  • The ShiftLeft Plugin for Jira currently supports a maximum of 1000 users.

Step 1: Install the Plugin

Log into your Jira instance with an administrator account. Using the navigation bar in the header, go to Apps > Find New Apps.

Alternatively, you can access ShiftLeft's app directly.

Use the search bar to search for ShiftLeft and open the ShiftLeft app.

Click Get app. In the Add to Jira window that opens, click Get it now.

Jira will let you know when the installation is successful. At this point, you will find ShiftLeft listed whenever you navigate to Apps > Manage Apps.

Step 2: Create the Integration Token

You will need to create an Integration Token whose value you will provide to Jira later.

To do so, log into the ShiftLeft Dashboard and go to Integrations > Integration Tokens.

Click the plus (+) sign, and when prompted:

  • Provide a label (or unique name) for the token
  • Provide a token description (optional)
  • Choose a role (select Jira Plugin)

Click Create Token to proceed.

You'll be shown your token and your OrgID, which you'll provide during the plugin configuration process. You can only view your token once, so please be sure to save its value before closing out of the dialog window.

Step 3: Configure Your Issue Types (Next-Gen Projects Only)

If you're working with next-gen projects, you'll need to complete the steps in this section for the ShiftLeft plugin to work.

Return to Jira and open up your project. Using the left-hand navigation bar, go to Project Settings > Apps.

For the ShiftLeft Jira Cloud app listed, click the slider to enable it.

Click Project Settings to get to the previous menu. Then, select Issue types.

This redirects you to the Task configuration screen. Using the options available in the bottom-right, drag and drop SL Findings Detail and SL Finding ID to the center of the page where it says Context Fields.

If you want the Jira plugin to create Epics or Subtasks, you will need to repeat the process of adding SL Findings Detail and SL Finding ID to the config for each issue type.

When done, click Save Changes at the bottom of the screen.

Step 4: Configure the Plugin

You can find the configuration settings under Project Settings. (If you are working with Jira's cloud-based instance, you may need to click Back to Project to go back to this menu.)

Find and click on SL Project Configuration.

Provide Your Credentials

Provide the following credentials for your ShiftLeft account:

  • ShiftLeft Jira Integration Token: Provide your Integration Token
  • ShiftLeft OrgID: Provide your OrgID here
  • Jira Host: Optional. The address used to access your on-prem Jira instance (if it is different from the publicly available address)

Click Save Token.

Configure the Integration

Once you've provided your credentials to Jira, you'll see a new section called ShiftLeft Issue Default Config.

You’ll need to set:

  • ShiftLeft Projects: The specific project in ShiftLeft whose identified vulnerabilities you want to be imported to Jira
  • Critical - Issue: The Issue Type (e.g., task, sub-task, bug) you wish to be created for vulnerabilities that are flagged as critical in severity
  • Moderate - Issue: The Issue Type (e.g., task, sub-task, bug) you want to be created for vulnerabilities that are flagged as moderate in severity
  • Info - Issue: The Issue Type (e.g., task, sub-task, bug) you want to be created for vulnerabilities that are flagged as informational
  • Fixed Workflow Action: The status you want to be assigned to the Jira issue for the vulnerability when you mark it as Fixed in the ShiftLeft Dashboard
  • Ignored Workflow Action: The status you want to be assigned to the Jira issue for the vulnerability when you mark it as Ignored in the ShiftLeft Dashboard
  • Default Assignee: The name to auto-assign to the newly-created issues
  • Reporter: The name to attach to the issues as the reporter (we recommend creating a user specifically for this purpose so that you can quickly identify all issues created by the plugin)

When done, click Save Defaults.

Step 5: Send Issues to Jira

At this point, you can create Jira tasks for the secrets and insights identified in ShiftLeft.

Whenever you view a vulnerability in the Dashboard, click Create Jira Issue. The integration will create a new Jira issue based on the settings you provided when configuring the integration in the previous section.

Step 6: Navigating Between Jira and ShiftLeft

Once you've successfully created an issue, the Create Jira Issue button turns into an Open Jira Issue button. Clicking on the button will take you to Jira, where you can view the task/issue you've created.

By default, you'll see that the description has been populated, along with a section called ShiftLeft Finding Info. (If you're using an on-prem instance of Jira, the Finding Info is displayed on the bottom-right of your screen. If you're using the cloud-based version of Jira, you will need to open up a panel to display the Finding Info.)

The Finding Info section contains a link under Finding Details. Using this link returns you to the ShiftLeft Dashboard, where you can see in-depth information.

You can also:

  • Use the Open Jira Issue button to return to Jira
  • See who the issue is assigned to
  • Update the status of the issue (which will, in turn, update the Jira issue based on your configuration settings)