Code Security Integration with Jira

You can use Spectral to scan the content of Jira issues, including summaries, descriptions, comments, and attachments. The integration uses a Lambda function in AWS and a webhook in Jira.

Integration Environment Variables

| Variable | Required | Description |
|---|---|---|
| SPECTRAL_DSN | Yes | Your Spectral DSN retrieved from SpectralOps |
| JIRA_WEBHOOK_TOKEN | Yes | A token used to identify the sender, should be identical to the webhook token sent in the webhook_token param to the webhook endpoint |
| EMAIL | No | The email matching the Jira API token. If this is not provided, attachments will not be scanned |
| SPECTRAL_TAGS | No | Tags list to run Spectral with, separated by commas (e.g. base,iac,audit). Default is 'base' |
| REDACTED_MESSAGE | No | In case of active remediation - a custom message to replace findings |
| REMEDIATION_MODE | No | How to handle findings (Valid values: "Not active" / "Redact finding") |
| JIRA_API_TOKEN | No | A Jira API token to scan attachments as well. If this is not provided, attachments will not be scanned |
| JIRA_PROJECTS_BLACKLIST | No | A comma delimited list of project keys that you want to exclude from being scanned |
| JIRA_PROJECTS_WHITELIST | No | A comma delimited list of project keys that you want to scan. No other projects except these will be scanned |

Configuration

Prerequisite

The Lambda function requires these permissions in AWS:

cloudformation:DescribeStacks
iam:CreateRole
iam:DeleteRole
apigateway:POST
logs:CreateLogGroup
iam:PutRolePolicy

To integrate Spectral with Jira:

  1. Use one of these methods to deploy the Lambda function:

  2. Copy the function gateway API URL.

  3. In your Jira instance, add a new webhook in System Settings > Webhooks to send events. For example:

    https://YOUR_ORG_NAME.atlassian.net/plugins/servlet/webhooks

  4. Mark these events for the webhook to send:

    • issue->create+update

    • comment->create+update

    • attachment->create

  5. Copy the Lambda URL from AWS and use it as the webhook URL. Make sure to use the full URL, including a query string parameter for the webhook secret you entered when you installed the Lambda function. For example:

    https://random1.execute-api.us-east-1.amazonaws.com/prod/api/jira_event?webhook_token=[YOUR WEBHOOK SECRET]

  6. To test the integration, open a Jira issue with a fake secret (for example: AKIA4HK52OLF2AAN9KWV).
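
A preflight check for the environment variables listed above and the webhook URL from step 5, as an added example (not Spectral's own code). The name `check_config` and all sample values are assumptions; a project key in both lists is flagged because this page does not say which list takes precedence.

```python
import hmac
from urllib.parse import urlparse, parse_qs

REQUIRED = ("SPECTRAL_DSN", "JIRA_WEBHOOK_TOKEN")
REMEDIATION_MODES = ("Not active", "Redact finding")


def _keys(value):
    """Split a comma-delimited project key list, ignoring blanks."""
    return {k.strip() for k in (value or "").split(",") if k.strip()}


def check_config(env, webhook_url):
    """Return (errors, warnings) for the Lambda env and the Jira webhook URL."""
    errors, warnings = [], []
    for name in REQUIRED:
        if not env.get(name):
            errors.append(f"{name} is required")

    # Attachments are scanned only when both EMAIL and JIRA_API_TOKEN are set.
    if bool(env.get("EMAIL")) != bool(env.get("JIRA_API_TOKEN")):
        warnings.append("EMAIL and JIRA_API_TOKEN must both be set to scan attachments")

    mode = env.get("REMEDIATION_MODE")
    if mode is not None and mode not in REMEDIATION_MODES:
        errors.append(f"REMEDIATION_MODE must be one of {REMEDIATION_MODES}")

    # Precedence between the two lists is not documented here, so flag overlap.
    both = _keys(env.get("JIRA_PROJECTS_WHITELIST")) & _keys(env.get("JIRA_PROJECTS_BLACKLIST"))
    if both:
        warnings.append(f"project keys in both lists: {sorted(both)}")

    url = urlparse(webhook_url)
    if url.scheme != "https":
        errors.append("webhook URL must use https (the token travels in the query string)")
    sent = parse_qs(url.query).get("webhook_token", [""])[0]
    expected = env.get("JIRA_WEBHOOK_TOKEN") or ""
    # Constant-time comparison of the URL token against the configured token.
    if not hmac.compare_digest(sent.encode(), expected.encode()):
        errors.append("webhook_token in the URL does not match JIRA_WEBHOOK_TOKEN")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    env = {"SPECTRAL_DSN": "constructed-dsn", "JIRA_WEBHOOK_TOKEN": "constructed-secret",
           "EMAIL": "sec@example.com", "REMEDIATION_MODE": "Redact finding"}
    url = "https://random1.execute-api.us-east-1.amazonaws.com/prod/api/jira_event?webhook_token=constructed-secret"
    print(check_config(env, url))
```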