
Jira

This feature is only available for our Professional and Corporate versions.

This feature lets you send vulnerabilities from Faraday to JIRA.

JIRA's Configuration

1. Follow the instructions based on your JIRA instance (On-prem or Cloud)

Copy your instance URL and Project Key from your JIRA instance information:

URL (example): https://localhost:8080/

Project Key (example): FARADAYPRO

Template: choose a template from the dropdown menu (templates should be on Faraday's server at /home/faraday/.faraday/integrations_templates/)

Click here to download an example template.

Copy your JIRA Instance URL and Project Key information:

URL (example): https://example.atlassian.net/

Project Key (example): FARADAYPRO

Template: choose a template from the dropdown menu (templates should be on Faraday's server at /home/faraday/.faraday/integrations_templates/)

Click here to download an example template.

Now, we need to activate OAuth Authentication:

In your JIRA Cloud instance, click on the gear icon at the top-right corner (to the left of your profile icon) and click on Products. Then, in the left sidebar, click on Application links.

In the input field in JIRA, enter your Faraday URL (example: http://localhost:5985)

If this message appears and the URL is correct, just click Continue

Fill in the application fields: in this case, use Faraday as the Application Name, select Generic Application as the Application Type, and check the option Create incoming link. Then, click Continue.

Now, you will need to create the following:

  • Consumer Key: copy and save this value; you will need it later when configuring Faraday.

  • Consumer Name: in this case, we use Faraday.

  • Public Key: to create this public key, run the following command on your Faraday server:

    faraday-manage generate-rsa-keys --integration jira

    The command prints a PEM-encoded public key, delimited by the lines -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----. Copy the whole block and paste it into the Public Key field in JIRA.

Then, click Continue to generate the application.

If everything is Ok, you should see this screen:


Faraday authenticates to Jira using OAuth 1.0a.

2. Generate RSA Keys

Run faraday-manage generate-rsa-keys --integration jira to generate the RSA key pair that Jira requests for the OAuth authentication process.

Create Application Link (using the public key generated).

When you’re creating the Application Link, it will ask you for a Public Key. Paste there the public key that the command in the section above printed.

Begin authentication

Once you’ve created the Application Link, go to Faraday’s Settings and select the Ticketing Tools section. Once there, select JIRA and you will see a section named OAuth Authentication. Here, all you need to do is type the Consumer Key that you specified in the Application Link and click on the button next to the input field to begin the authentication process. The text right next to the button will show you the status of the process. If everything goes well, the status will be Authenticated.

Once you’ve been authenticated to Jira using OAuth 1.0a, you’ll be able to send vulnerabilities to Jira without providing any credentials.

RSA Keys Commands

Generate RSA keys: faraday-manage generate-rsa-keys --integration jira
Show current RSA keys: faraday-manage show-rsa-keys --integration jira
Remove current RSA keys: faraday-manage remove-rsa-keys --integration jira

3. Faraday's Configuration

Log in to Faraday's Web UI and go to Settings by clicking on your username at the top-right corner:

Inside Settings, navigate to Ticketing Tools and Select JIRA from the dropdown menu:

Paste your JIRA instance information into the corresponding fields.

If everything is Ok, click on the green Save button and you should see a pop-up like this:

Inside the ticketing tool settings in Faraday, paste your instance URL and Project Key, then add your Consumer Key to the OAuth Authentication field. After this, click the round button to authenticate.

You should see this. Click on Redirect to JIRA; once on the JIRA website, click on Allow and wait until you receive an Access Approved message. Once received, close the tab.

Once in Faraday, click on Authorized.


4. Send vulnerability to JIRA

Navigate to the Manage > Vulns view inside Faraday's Web UI

To send vulnerabilities to JIRA, select the desired vulnerabilities, click on the Tools button at the top-right corner and then click on JIRA.

Click on the dropdown menu Add columns and add the issuetracker column.

Now, select the vulnerability you want to export and click on Tools > JIRA

Keep in mind that only confirmed vulnerabilities can be sent.

Once the JIRA dialog opens, you have two options:

You can use the default data saved in the Ticketing Tools section of Settings (see Save JIRA's Configuration for more information):

You can overwrite JIRA default data by clicking on the checkbox button and then manually input your JIRA credentials. Then click OK:

If you overwrite only one field, Faraday will fill the other fields with the default data. E.g., if you overwrite Project Key, Faraday will fill the URL field with the information you have saved in Settings.

Click Ok.

You should see the word JIRA appear in the issuetracker column of your vuln. You can click on it to see the issue that has been created in JIRA.

Template

The name of the template in which you define the issue's description. You can call any attribute of the vulnerability object using Jinja2 syntax. E.g., if you want your issue in JIRA to have the target, the hostnames, and the severity of the vulnerability as its description, the template would be as follows:

Target: {{target}}
Hostnames:
{%for hostname in hostnames%}
    - {{hostname}}
{%endfor%}
Severity: {{severity}}

This template must be located inside the folder /home/faraday/.faraday/integrations_templates/

You can also link an issue to an Epic. To do so, look up the custom field Epic Link of your instance and add it to your issue’s configuration (just as in the example above). Once you add it, you need to type the issue keys of the epic in the input field.