Chariot's Jira integration enables automatic and manual creation of vulnerability alerts as Jira tickets, streamlining your security workflow. This guide will walk you through the setup process, which typically takes 5-10 minutes to complete.
Prerequisites
Before beginning the integration setup, ensure you have:
- Jira administrator privileges
- Access to create API tokens in your Atlassian account
- Designated Jira project (or projects) for security vulnerabilities
Chariot Configuration
To begin setting up your Jira integration, first access your organization's settings. Log into your Chariot account and locate the Settings section at the bottom right of the page:
Once you're on the Settings page, you'll find the Notifications Settings tab. This is where you'll configure how Chariot communicates with external systems like Jira. Look for the "Add Notification" button and click to see the available integration options. Among these options, you'll find the Jira tile - select this to begin configuring your integration.
Jira Configuration
Jira configuration is a two-step process. The first step is authentication, and the second step is tailoring the messaging to your needs and Jira setup. Before collecting authentication information from Jira, review the screenshot below, which shows the Chariot authentication setup screen where you'll enter these details. Having this view in mind will help you understand exactly what information we need to gather from Jira.
Let's walk through each step.
First, you'll need to locate your Jira base URL. Log into your Jira instance and look at the address bar in your browser. Your base URL will be in the format https://your-domain.atlassian.net. Make note of this URL. Don't include any additional path information like /jira or other extensions. You'll need this URL when we return to Chariot.
Next, we'll set up the authentication that allows Chariot to communicate securely with Jira. This requires creating an API token through Atlassian. Visit the Atlassian API Tokens page by clicking on your profile picture in Jira and selecting "Manage Account":
Navigate to the Security section:
Navigate to the API tokens page:
Alternatively, you can go directly to the API tokens page at https://id.atlassian.com/manage/api-tokens. Once there, click the "Create API Token" button.
Give your token a meaningful label that will help you identify its purpose later, such as "Chariot Integration."
After clicking Create, you'll see your newly generated token. This is a crucial moment - copy this token immediately and store it somewhere secure, as you won't be able to view it again after closing this dialog. Treat this token with the same care as you would a password, as it provides access to your Jira instance.
More on Atlassian API tokens can be found here.
The User Email field in Chariot takes the email of the user that created the API token in Jira. To find this in Jira, click on the account icon at the top right. You can view and copy the email that will go in the User Email field.
With your base URL, API token, and User Email secured, return to Chariot and add this information to the Jira setup dialog.
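A pre-flight check for the three values gathered above, as an added example (not Chariot or Praetorian code): it trims a pasted address to the bare https://your-domain.atlassian.net form and confirms that the email and API token authenticate against Jira Cloud's /rest/api/3/myself endpoint. The environment variable names are assumptions.

```python
import base64
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def normalize_base_url(raw):
    """Reduce a pasted address to the bare https://<site> form, dropping /jira etc."""
    parts = urlsplit(raw.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("base URL must be an https:// address")
    if parts.username or parts.password:
        raise ValueError("base URL must not embed credentials")
    host = parts.hostname
    if parts.port and parts.port != 443:
        host += f":{parts.port}"
    return f"https://{host}"


def basic_auth_header(email, token):
    """Jira Cloud API tokens are sent as HTTP Basic auth: email:token."""
    raw = f"{email}:{token}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def check_credentials(base_url, email, token, timeout=10):
    """Return True if Jira accepts the email/token pair, False on 401/403."""
    req = urllib.request.Request(
        normalize_base_url(base_url) + "/rest/api/3/myself",
        headers={"Authorization": basic_auth_header(email, token),
                 "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp).get("accountId") is not None
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            return False
        raise  # other failures (DNS, 5xx) are not a credential verdict


if __name__ == "__main__":
    # Assumed variable names; reading the token from the environment keeps it
    # out of shell history and the process argument list.
    ok = check_credentials(os.environ["JIRA_BASE_URL"],
                           os.environ["JIRA_EMAIL"],
                           os.environ["JIRA_API_TOKEN"])
    print("credentials accepted" if ok else "Jira rejected the email/token pair")
```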
Once Chariot is successfully authenticated to Jira, the second step of the setup will begin: tailoring Chariot messaging to your Jira instance. Fill out the Integration Name section. Select one of the projects available through the API token provided. Choose a type - Chariot will send issues to Jira under the type you specify here (e.g., story, bug, task). You can also decide whether you want Jira to automatically create issues in the Jira project you've chosen. If you choose to enable automatic issue creation, all Chariot vulnerabilities at or above the selected severity level will be created as the desired issue type in the selected Jira project.
Click Connect to complete the setup.
Manual Ticket Creation
Whether or not you enable automatic Jira Issue creation, you can manually create issues for vulnerabilities.
On every vulnerability, under the More Actions dropdown, you will see "Create New Ticket". Clicking this will prompt Chariot to send this vulnerability and its details to the Jira Project of your choosing. You can also add multiple Jira Projects in Chariot so different Jira groups receive different information.
Once the ticket has been created, Chariot will display relevant information in the vulnerability drawer.
If a ticket has already been manually created in Jira, that ticket can be associated with a vulnerability in Chariot by going to the More Actions dropdown and choosing Associate Existing Ticket.
Once the vulnerability has been associated, you'll see that ticket and relevant information in the vulnerability drawer.
We hope these instructions are helpful! If you would like any topic discussed in more detail or need further assistance, please contact us at support@praetorian.com.