Ever send a vulnerability report to your development team and have it go ignored for days, even weeks? Or perhaps you’re an application developer and a 100+ page PDF of “vulnerabilities” in your app leaves you at a loss for next steps. Too often, the close coordination that security and development teams need to patch and remediate application security bugs is hindered by suboptimal delivery methods (read: gigantic, static PDF reports sent through email that are easily lost or forgotten).
For truly effective application security remediation, security and development teams must understand each other’s priorities, workflows, and processes. Having the right tools to enable this is especially critical, which is why Rapid7’s DAST (Dynamic Application Security Testing) tools, InsightAppSec and AppSpider Enterprise, both integrate with the Atlassian Jira ticketing system. With this integration, application vulnerabilities are exported directly to Jira for immediate developer visibility. The result is pretty utopian: security and development teams moving forward in lockstep towards a stronger risk posture.
In InsightAppSec or AppSpider Enterprise, configure the Jira integration by supplying the Jira server’s URL, login credentials, and the default project and issue type. In InsightAppSec specifically, you can also map the vulnerability status and priority to corresponding Jira statuses and priorities. The summary and description of the created tickets can also be customized. Once the integration is set up, simply select vulnerabilities in InsightAppSec or AppSpider Enterprise and click the “Export to Jira” button to create a corresponding ticket for each vulnerability.
Please contact Rapid7 for support or assistance at +1.866.380.8113, or view all of our support options.