HackerOne provides bidirectional Jira integration for seamless data syncing between your HackerOne report and Jira issue. Sync workflows from Jira to HackerOne and vice versa, improving alignment between development and security teams and streamlining security vulnerability processing.
Creating a Jira issue
You can create new Jira issues for reports you receive on HackerOne.
To create a new Jira issue from your HackerOne report:
Go to the HackerOne report in your inbox that you want to create a new Jira issue for.
Click Edit next to References.
Click Create Jira issue.
Select the Jira integration you want the issue to link to in the dropdown.
Add comments or change the state of the report in Jira.
When you act on the Jira report, such as adding a comment or changing the status of the report, Hackbot will generate an internal comment on the HackerOne report to reflect the changes.
Linking HackerOne Reports to Existing Jira Tasks
You can link your HackerOne reports to existing Jira tasks.
To link your reports:
Go to the HackerOne report in your inbox that you want to link to Jira.
Click References in the report sidebar.
Enter the Jira ticket reference ID in the Reference ID field.
Click Link Jira issue.
The HackerOne report will now be linked to the Jira task, and all activities performed on the report will be synced to the corresponding task.
There's also another way you can link your HackerOne reports to Jira. You can:
Go to the bottom of your HackerOne report.
Select Change state > Triaged in the action picker
Click Add reference to issue tracker.
Enter the Jira ticket number in the Reference ID field.
Syncing updates from HackerOne to Jira
With the Jira integration, you can sync these report updates to Jira:
All updates on a report are synced as a comment to Jira. Additionally, all actions are configurable and can be toggled from the Jira integration settings page.
If you've configured your own custom fields, you can use them in the Jira integration. All custom fields automatically appear as available variables that you can use to set up the field mapping between HackerOne and Jira.
Syncing updates from Jira to HackerOne
To make sure your security team stays up to date with the changes that happen in Jira, you can sync back activities from Jira to the HackerOne report. All updates from Jira will be reflected in HackerOne as an internal comment on the associated report.
We currently support these activities from Jira to HackerOne:
You can choose which events you want to synchronize from Jira as each activity can be toggled individually.
Automatically resolving a HackerOne Report
You can set your integration to automatically close a HackerOne report as Resolved when a Jira issue closes. This enables the hacker to be notified right away when the Jira issue that's linked to the report is closed. In the Select Jira to HackerOne events section of the integration setup, select the Jira issue status that will trigger the closure of the HackerOne report.
HackerOne Severity to Jira Priority Mapping
You can map HackerOne severity ratings to the Jira priority fields when configuring your integration. This enables the right priority to be set when escalating a report to Jira.
Installing the Jira integration
See the Jira Setup page.