Manage your findings in the Jira Security Dashboard
Overview
Every thirty minutes, the Jira Cloud plugin automatically checks for any changes to your Security Per-Vulnerability Alerts within your Mend organization and updates that data within the Jira Security Dashboard, giving you real-time accessibility without the context-switch.
Getting it done
Jira Security Dashboard view - At a glance
Note: There is an Atlassian limitation of 1000 vulnerabilities max on your Jira Security Dashboard for all containers in total.
To view the Security Dashboard in Jira, navigate to your Jira project → Development → Security (BETA):
Filter findings in the Jira Security Dashboard
You can filter the data view within the Jira Security Dashboard by:
Security container: Filter the data by Mend projects.
Severity: Filter the data by the severity level of the vulnerabilities.
Vuln. status: Filter the data by the status of the vulnerabilities.
Issue status: Filter the data by the status of the connected Jira issues (if any).
To restore the Security Dashboard view to include all findings, click on Reset filters:
You can also organize the data by the following table columns:
Severity -
Critical→Low,Low→CriticalVulnerability - By library name (alphabetical; A→Z); By library name (alphabetical; Z→A)
Vuln. status -
Open→Closed,Closed→OpenIntroduced - By date (Latest → Oldest), By date (Oldest → Latest)
Connect Jira issues to findings in the Jira Security Dashboard
You can manually create new Jira issues as well as link existing Jira issues to the vulnerabilities provided in the Jira Security Dashboard.
To create a new Jira issue for linking, you can either:
Click on Create issue in the Issues column of the Vulnerabilities table.
Click on Create another issue in the Actions column of the Vulnerabilities table. This option will only show if you have a Jira issue already linked to the vulnerability.
This opens the Jira issue creation wizard that auto-populates the Summary and Description fields of the issue with the vulnerability information. You can edit this default information to fit your organization’s needs:
To link an existing Jira issue, click on Link issue in the Actions column of the Vulnerabilities table.
Note: The Mend Jira Security Dashboard does not automatically update linked Jira issues. It only updates the data within the Security Dashboard Vulnerabilities table.
Example: A CVE that is included in the Security Dashboard has its severity decreased from
HightoMediumby NVD. In this scenario, the CVE's Severity column would be updated in the Security Dashboard, however, the Jira Issue linked to it would not be updated with the new severity level. If a user creates a new Jira issue through the Dashboard after this update, then the new issue will have the updated alert information.
Reference
Jira Security Dashboard - Security containers section
The Security containers section provides the Mend projects that are currently connected to your Jira project. Clicking on one of the containers here will take you to your Mend project summary page within the Mend Application:
Jira Security Dashboard - Create issue default information
Jira field | Description |
|---|---|
Summary | The title of the Jira issue, including:
Example:
|
Description | The details of the vulnerability, including:
Example:
|
Jira Security Dashboard - Vulnerabilities table
Parameter | Description |
|---|---|
Severity | The severity of the vulnerability. The available values are:
|
Vulnerability | Contains a short description of the vulnerable library, including:
|
Vuln. status | The current status of the vulnerability. The available values are:
|
Introduced | The date and time that the vulnerability was introduced in your Mend project. |
Identifiers | The vulnerability CVE ID and the direct link to the CVE’s page in the Mend Vulnerability Database. |
Issues | Displays the currently linked issues to the vulnerability. If there are no issues currently linked, there will be a |
Actions | The available actions are:
|