Set up Jira integration with Endor Labs

Learn how to implementing ticketing workflows for JIRA.

Integrate Endor Labs with Jira and automatically create Jira tickets in specific projects when configured policies are violated. This integration automates the process of generating Jira tickets within your organization’s existing security workflow. This integration is supported on Jira Cloud.

To integrate Endor Labs with Jira:

Generate Jira API token

Generate Jira API credentials that you want to use to sign in to Endor Labs.

Note: It is recommended that the Jira account used for this integration includes only the following set of minimum required permissions.

  • Create Issues
  • Transition Issues
  • Assign Issues
  • Resolve Issues
  • Add Comments
  1. Sign into your Jira account.
  2. Navigate to your Jira profile.
  3. Under API tokens, click Create API Token.
  4. Enter a concise label to distinguish your token and click Create.
  5. Click Copy to clipboard, and have the token handy to enter in the Endor Labs application.

Note: The token cannot be viewed after closing the form. Copy it to a secure location and have it handy. Do not share the token.

Configure Jira Integration on Endor Labs

Set up Jira integration on the Endor Labs application.

  1. Sign in to Endor Labs.
  2. From the sidebar, navigate to Integrations.
  3. Under Notifications, click Manage for Jira.
  4. Click Add Notification Integrations.
  5. Enter a name and description for the integration.
  6. Enter a Jira user name. The user account is displayed as the reporter for all the tasks or bugs created in Jira for this notification.
  7. In API Key, enter the API token that you generated from Jira.
  8. In Jira URL, enter the HTTPS endpoint of your Jira instance.
  9. In PROJECT Key, enter the project key in which you want to create the Jira notifications. The project key is the prefix of the bug or task ID. For example, if the project key is ABC, the task or bug is created with ID in the format ABC-xxx.
  10. In ISSUE TYPE, enter the notification issue type such as Task, Bug, Story, Sub-Task, or Epic. The issue type is case-sensitive. Make sure to match with an exact issue type on your Jira board.
  11. In RESOLVED STATUS, specify the resolved status used in your Jira projects. For example, Completed. After the findings are resolved, the Jira ticket will be updated to this status. If you don’t specify a status, Endor Labs will attempt to determine your project’s resolution status and default to one of the following, in order of priority: Done, Resolved, Closed, or Fixed.
  12. In LABELS, enter a label and associate it with your Jira notifications.
  13. Click Add Custom Field to add custom KEY-VALUE pairs in the created Jira ticket. For example, you can add KEY as Source and associate it to Endor Labs in VALUE, so that every notification created will now have the information Source = Endor Labs associated with the ticket.
  14. Click Propagate this notification target to all child namespaces to apply this Jira notification target to all child namespaces within the hierarchy.
  15. Click Add Notification Integration.

Manage Endor Labs Jira notifications

You can view and manage the Endor Labs Jira notifications created for a project.

  1. From the sidebar, navigate to Integrations.
  2. Under Notifications, click Manage for Jira.
  3. To edit a notification, click the vertical ellipsis and choose Edit Notification Integration.
  4. To delete a notification, click the vertical ellipsis dots and choose Delete Notification Integration.

Associate an action policy with a Jira notification

Users can create action policies to execute a recommended action when a policy is violated. For example, if there is a license compliance violation, you can create a Jira ticket and notify the required personnel.

While creating an action policy, configure the following settings:

  • Select Choose an Action as Send Notification.
  • From SELECT NOTIFICATION TARGETS, choose the Jira integration notification that you created.
  • Choose an Aggregation type for Jira notifications. Choose Project to trigger a single notification for all findings, or choose Dependency to trigger multiple notifications for every dependency. See Aggregation types for more details.

A parent ticket is created with the selected issue type, either Task or Bug. The parent ticket includes the project name. Each identified dependency is grouped under a dedicated sub-ticket. The sub-ticket includes both the project name and dependency name. Findings without any dependency are grouped in a separate sub-ticket. During future scans, the existing sub-ticket status is updated or resolved. If a new dependency is found, a new sub-ticket is created.

Jira ticket

View Jira ticket details

Users can view the created Jira ticket details on the Endor Labs application. Users have the ability to observe specific information such as the status of tickets (whether they are open or closed), the associated action policy, the number of violations, and other important details. This aids in seamless troubleshooting and identification of both unresolved and resolved issues.

  1. From the Endor Labs application, navigate to Manage and click Notifications.
  2. Navigate across the Open, Resolved, or All tabs to view the issues listed under them.
  3. You can view specific details such as created date of the ticket, the name of the policy, the name of the project, the number of violations, and any labels associated with the projects.
  4. Choose a notification and click the vertical three dots on the far right side and choose:
    • Dismiss Notification: Clear this notification if it is no longer valid. It will be marked in grey.
    • Show Details: View the Jira ticket number and you can also navigate to Jira.
    • Go to Policy: View configuration details of the policy that created this Jira ticket.