HackerOne offers a bi-directional Jira integration that syncs information between your HackerOne report and the Jira issue. You can choose to integrate with Jira Cloud or Jira Server. This means that Jira users can sync specific workflows from Jira to HackerOne and vice versa, from HackerOne to Jira. This integration helps your development and security teams stay aligned, and contributes to a better workflow to process security vulnerabilities as it minimizes the back and forth between Jira and HackerOne.
You can create new Jira issues for reports you receive on HackerOne.
To create a new Jira issue from your HackerOne report:
- Go to the HackerOne report in your inbox that you want to create a new Jira issue for.
- Click Edit next to References.
- Click Create Jira issue.
- Select the Jira integration that you want the issue to link to in the dropdown.
- Add comments or change the state of the report in Jira.
When you perform an action on the Jira report such as adding a comment or changing the status of the report, Hackbot will generate an internal comment on the HackerOne report to reflect the changes.
You can link your HackerOne reports to existing Jira tasks.
To link your reports:
- Go to the HackerOne report in your inbox that you want to link to Jira.
- Click References in the report sidebar.
- Enter the Jira ticket reference ID in the Reference ID field.
- Click Link Jira issue.
The HackerOne report will now be linked to the Jira task, and all activities that are performed on the report will be synced to the corresponding task.
There's also another way you can link your HackerOne reports to Jira. You can:
- Go to the bottom of your HackerOne report.
- Select Change state > Triaged in the action picker
- Click Add reference to issue tracker.
- Enter the Jira ticket number in the Reference ID field.
- Click Create.
With the Jira integration you can sync these report updates to Jira:
- Report Comments
- State changes
- Assignee changes
- Public disclosure
All updates on a report are synced as a comment to Jira. Additionally, all actions are configureable and can be toggled from the Jira integration settings page.
If you've configured your own custom fields, you can use them in the Jira integration. All custom fields automatically appear as available variables that you can use to set up the field mapping between HackerOne and Jira.
To make sure your security team stays up to date with the changes that happen in Jira, you can sync back activities from Jira to the HackerOne report. All updates from Jira will be reflected in HackerOne as an internal comment on the associated report.
We currently support these activities from Jira to HackerOne:
- State changes
- Resolution changes
- Assignee changes
- Priority changes
You can choose which events you want to synchronize from Jira as each of the activities can be toggled individually.
You can set your integration to automatically close a HackerOne report as Resolved when a Jira issue closes. This enables the hacker to be notified right away when the Jira issue that's linked to the report is closed. In the Select Jira to HackerOne events section of the integration setup, select the Jira issue status that will trigger the closure of the HackerOne report.
You can map HackerOne severity ratings to the Jira priority fields when configuring your integration. This enables the right priority to be set when escalating a report to Jira.
See the Jira Setup page.