Skip to content

Jira Integration

Faraday's Jira integration allows you to export confirmed vulnerabilities as Jira issues with full field mapping and maintain bidirectional status synchronization via Jira Automation rules. When a vulnerability status changes in Faraday, the linked Jira issue transitions automatically — and vice versa.

Availability: Commercial feature (requires licensed Faraday instance).

Verified against: Faraday Server v5.19.0 codebase, wiki doc dated 2025-10-28.

Overview

Feature Details
Export vulnerabilities to Jira Issues Yes
Bidirectional status sync via webhooks Yes (requires Jira Automation rule)
Multiple project support Yes (configure and activate multiple projects)
Dynamic field mapping Yes (mandatory + optional fields per issue type)
Jinja2 templates Summary and Description fields only
Authentication OAuth 1.0a (RSA-SHA1) via Application Link
Webhook endpoint /_api/v3/integrations/jira/update-issues
Webhook auth header X-Jira-Token with Faraday User Token (Jira scope)

Status Mapping

Status mapping is fully configurable per project. You define both incoming (Jira → Faraday) and outgoing (Faraday → Jira) mappings independently.

Available Faraday statuses:

Faraday Status
Open
Closed
Re-Opened
Risk Accepted

Jira statuses depend on your project's workflow configuration and are fetched dynamically from your Jira instance.

Prerequisites

  • A running Faraday Server instance (commercial edition)
  • A Jira instance (Jira Cloud or Jira Server 8.x+)
  • Ability to create an Application Link in Jira
  • Network connectivity between Faraday Server and Jira

Step 1: Configure Connection Settings (OAuth)

Generate Keys in Faraday

  1. Log in to the Faraday Web UI.
  2. Go to Settings > Ticketing Tools > Jira.
  3. Open the Connection Settings tab.
  4. Click the Edit button to open the configuration fields.
  5. Enter your Jira Instance URL (e.g., https://faraday.atlassian.net).
  6. Enter a Consumer Key Name (e.g., faraday-key).
  7. Click Generate Public Key — a public key appears in the field.
  8. Copy the public key to your clipboard.
  9. Click Save Connection Settings.
  1. In Jira, go to Administration > Applications > Application Links.
  2. Create a new Application Link:
Field Value
Application URL Your Faraday instance URL (e.g., http://localhost:5985)
Consumer Key The consumer key name from Faraday
Public Key Paste the public key generated in Faraday

For Jira Cloud, the Application Link setup may differ slightly. Refer to Atlassian's Application Links documentation.

Authorize the Connection

  1. Return to Faraday's Connection Settings tab.
  2. Click the Authorize button.
  3. If the connection fails, you will see an error message — verify your URL, consumer key, and public key match between Faraday and Jira.
  4. If successful, you will be prompted to allow Faraday access to read and write Jira data.
  5. After confirming access, the Connection Settings tab gear icon turns green.

Step 2: Configure Projects

Navigate to the Projects tab in the Jira configuration.

2.1 Fetch Projects

Click Fetch Projects to retrieve all available projects from your Jira instance. This populates the project dropdown. The button remains disabled while projects are loading.

2.2 Add Projects

Select projects from the dropdown to add them to the configuration table. You can add multiple projects.

2.3 Configure Issue Types and Fields

For each project:

  1. Click the red gear icon in the Issue Type column.
  2. Select an issue type from the list (e.g., Bug, Task, Story).
  3. Configure mandatory fields (marked with a red asterisk):
  4. Summary — supports Jinja2 templates using vulnerability data
  5. Description — supports Jinja2 templates using vulnerability data
  6. Other mandatory fields depend on the selected issue type
  7. Optionally add optional fields using the + button:
  8. Click to add from a list of available fields for the issue type

Supported Field Types

Field Type Description Example
string Text input Summary, Description (supports Jinja2)
option Single-select dropdown Status, Resolution
array Multi-select field Components, Labels
option-with-child Cascading select Category > Subcategory
priority Priority picker High, Medium, Low
version Version picker Fix Version
user User/assignee picker Assignee, Reporter
securitylevel Security level Confidential
group User group picker Team groups
component Component picker Project components
project Project picker Target project

Note: Only the Summary and Description fields support Jinja2 template syntax. All other fields accept fixed values.

2.4 Configure Bidirectional Status Mapping (Optional)

Click the red gear icon in the Attribute Mapping column to configure bidirectional status synchronization.

Outgoing (Faraday → Jira)

Maps Faraday vulnerability status changes to Jira issue transitions. When a vulnerability status changes in Faraday, the linked Jira issue automatically transitions to the mapped status.

Note: If the transition is not valid in Jira (due to workflow constraints), the synchronization will fail and the Jira issue will not update.

Incoming (Jira → Faraday)

Maps Jira issue status transitions to Faraday vulnerability status changes. When a linked Jira issue changes status, the webhook triggers and Faraday updates the vulnerability status per this mapping.

Note: Status updates triggered by incoming webhooks are not considered manual updates. This prevents infinite update loops.

2.5 Activate Projects

Once the issue type is configured (gear icon turns green):

  1. Click the checkbox to the left of each project row to activate it.
  2. Multiple projects can be active simultaneously.
  3. The trash can icon at the right of each row permanently deletes the project configuration (this cannot be undone).

2.6 Activate the Integration

If both the Connection Settings and Projects tabs show green gear icons, the integration slider at the top-left of the configuration panel becomes available. The integration activates automatically when you activate the first configured project.

Step 3: Set Up Bidirectional Sync (Jira Automation)

To enable Jira → Faraday status sync, create a Jira Automation rule:

Create Jira Automation Rule

  1. In Jira, go to Settings > System > Automation rules (or Project Settings > Automation for project-level rules).
  2. Create a new rule.

Trigger ("When")

Setting Value
Trigger type Field value changed
Fields to monitor Status

Action ("Then")

Setting Value
Action type Send Web Request
URL https://<your-faraday-instance>/_api/v3/integrations/jira/update-issues
HTTP method POST
Web request body Custom data
Custom data See JSON payload below

Webhook payload:

{
  "title": "{{issue.key}}",
  "desc": "{{issue.description.jsonEncode()}}",
  "priority": "{{issue.priority.name.jsonEncode()}}",
  "status": "{{issue.status.name.jsonEncode()}}"
}

Headers

Key Value
X-Jira-Token Your Faraday User Token (Jira scope)

Create a Faraday User Token (Jira Scope)

  1. In Faraday, go to Preferences > Access Tokens.
  2. Click Add Token.
  3. Set the scope to Jira and choose an alias.
  4. Copy the token immediately — it is displayed only once.
  5. Paste this token as the X-Jira-Token header value in the Jira Automation rule.

Enable the Rule

Activate the automation rule in Jira. Once enabled, any status change on a Jira issue that has a linked Faraday vulnerability will trigger a webhook to Faraday.

Step 4: Export Vulnerabilities to Jira

  1. In the Faraday Web UI, go to Manage > Vulns.
  2. Select one or more confirmed vulnerabilities.
  3. Click Tools (context menu) and select Jira.
  4. If multiple projects are active, select the target project.
  5. Vulnerabilities are created as issues in the selected Jira project using the configured field mappings.

Tracking Exported Vulnerabilities

  • Add the issuetracker column to the vulnerability table to see linked Jira issue keys.
  • Click the Jira issue key in the column to open the issue directly in Jira.
  • The issuetracker_json field provides structured details (issue URL, ID) and can be used in Executive Reports.

Vulnerability Model Fields

Field Purpose
issuetracker Stores Jira issue key (e.g., PROJ-123)
association_date Timestamp when vulnerability was linked to Jira issue
disassociated_manually true if manually unlinked from Jira issue

Jira Configuration Data Structure

The integration configuration is stored in the configuration database table under the key jira_integration as JSON:

{
  "url": "https://your-jira-instance.atlassian.net",
  "consumer_key": "faraday-key",
  "rsa_public_key": "-----BEGIN PUBLIC KEY-----...",
  "authorization_state": "authorized",
  "enabled": true,
  "projects": {
    "PROJECT_KEY": {
      "ticket_config": {
        "issue_types": {
          "Bug": {
            "fields": {
              "Summary": {"schema": {"type": "string"}, "value": "JINJA_TEMPLATE"},
              "Description": {"schema": {"type": "string"}, "value": "JINJA_TEMPLATE"},
              "Priority": {"schema": {"type": "priority"}, "value": "High"}
            }
          }
        }
      },
      "attribute_mapping": {
        "incoming": {},
        "outgoing": {}
      }
    }
  }
}

Permissions

Permission Unit ID Group Description
jira 15 integrations Jira integration CRUD operations
active_integrations 19 integrations View/manage active integrations
integrations_auth 41 integrations Integration authentication management

The ticketing.jira extra permission controls access to the Jira ticketing feature in the vulnerability context menu.

Data Model

UserToken Model

Tokens for Jira webhook authentication:

Column Type Description
id Integer Primary key
user_id Integer FK to faraday_user
token String Unique token value
alias String Descriptive name
expires_at DateTime Optional expiration
scope Enum jira (also: gitlab, service_desk, scheduler)
revoked Boolean Whether token is revoked
hide Boolean Hide token in UI

Configuration Storage

Integration settings are stored in the configuration database table:

CREATE TABLE configuration (
    id        INTEGER PRIMARY KEY,
    key       VARCHAR UNIQUE NOT NULL,
    value     JSONB NOT NULL,
    create_date  TIMESTAMP,
    update_date  TIMESTAMP,
    creator_id   INTEGER,
    update_user_id INTEGER
);

Jira integration configuration is stored under the key jira_integration.

Troubleshooting

Problem Possible Cause Solution
Authorization fails Application Link misconfigured Verify consumer key and public key match between Faraday and Jira
Cannot fetch projects OAuth not authorized Ensure the Connection Settings tab shows a green gear (authorized)
Mandatory field error when sending Missing field configuration Open the issue type configuration and fill all red-asterisk fields
Outgoing status sync fails Invalid Jira transition Verify the mapped Jira status is a valid transition from the current status in your workflow
Incoming webhook not triggering Automation rule disabled Ensure the Jira Automation rule is enabled and monitoring the Status field
Webhook returns 401 Invalid or expired token Verify the X-Jira-Token header value is a valid, non-expired, non-revoked Faraday User Token with Jira scope
Vulnerabilities not appearing in context menu Wrong status Only confirmed vulnerabilities can be sent to Jira
Integration slider unavailable Incomplete setup Both Connection Settings and Projects tabs must show green gear icons

Checking Integration Status

  • Connection Settings tab: Green gear = authorized, red gear = not connected.
  • Projects tab: Green gear = at least one project activated.
  • Issuetracker column: Add to vulnerability table to see linked issues.
  • Access Tokens: Navigate to Preferences > Access Tokens to verify token status, scope, and expiration.
  • Server logs: Check Faraday Server logs for webhook processing errors.

Changelog

Date Change
2025-10-28 Original wiki documentation published
2026-02-27 Updated: verified against v5.19.0 codebase, added permissions model, data model details, field type reference, configuration JSON structure, expanded troubleshooting, clarified OAuth flow and bidirectional sync

Source References

  • Wiki source: repos/faraday-wiki/docs/integration-jira.md
  • Permission definitions: faraday/server/utils/permissions.pyUNIT_JIRA
  • UserToken model: faraday/server/models.py (line ~2636) — JIRA_SCOPE
  • VulnerabilityGeneric model: faraday/server/models.py (line ~1431) — issuetracker, association_date, disassociated_manually
  • Configuration model: faraday/server/models.py (line ~3641)
  • Extra permissions: faraday/server/api/base.py (line ~2092) — ticketing.jira
  • Migration (Jira scope): faraday/migrations/versions/000918b77c25_add_jira_scope.py
  • Migration (config table): faraday/migrations/versions/b49d8efbd0c2_add_configuration_table.py
  • Migration (field reformat): faraday/migrations/versions/06c48492f587_reformat_jira_issue_fields_value.py
  • Atlassian docs: Application Links