Configure Mend for Jira Cloud
Overview
The Mend Integration for Jira Cloud allows you to manage how security findings are reported and mapped between the Mend AppSec Platform and your Jira projects. You can onboard multiple Mend organizations and configure how issues are created across them, all from a single Jira Cloud integration. This provides a unified experience, eliminating the need to manage separate plugin instances for each organization.
Getting it done
Manage your Mend Organizations and Mappings
After onboarding your Mend Organization(s), you’ll be navigated to the Organizations page where you can manage your connected Mend organizations and configure the mappings of each one.
Clicking on a connected organization opens a pop-up window with three configuration sections:
Overview — Provides a summary of the connected Mend organization. It includes key integration details such as organization UUID, connection status, mode (e.g., Create Issue), timestamps for integration and updates, and the user who last modified the settings. This is your central reference for the integration status and setup metadata.
Mapping — Allows you to define how Mend applications and projects are linked to Jira Cloud projects. By default, all items map to a single Jira project, but you can add specific exceptions using the "Add Mapping" option. This ensures issues are created in the right context for each project or application. Click Save to activate the selected mappings.
Labels — Enables the configuration of Jira labels for issues created through the Mend integration. Labels can include Mend attributes, free-text values, or existing Jira labels. When labels are defined at both the integration and project levels, they are automatically merged into a single consolidated list.
Advanced Settings — Includes advanced configuration actions. Here, you can switch the integration mode (e.g., to Jira Security Dashboard), update the activation key to re-integrate with Mend, or remove the organization entirely from the Jira Cloud plugin.
Note: Alternatively, you can click the three-dot menu (⋮) on the right side of the organization entry. This opens a contextual menu where you can access additional actions, such as editing the mappings, updating the activation key, or removing the organization.
Work Item Type Mapping
You can customize the Work Item Type fields Mend uses to create issues by adding, editing, or deleting mappings of Mend attributes to existing Jira fields for a selected issue type within a Jira project.
The supported work item types to configure are:
[Default] Mend Types (Dependencies, Code, Containers)
Task
Sub-Task
Story
Bug
Epic
Navigate to the “Work Item Type Mapping” tab, where you will see your Jira projects, their default Work Item Type, the number of Mend organizations linked to this Jira project, and the last updated date of this configuration.
To customize the Work Item Type, click on the Jira project name or the pencil button.
The default Work Item Type is “Mend Types”, but you can select each supported type from the list.
When selecting a Work Item Type, you can configure the field values and use Mend attributes for the supported field types.
Click Save to apply the changes for all future Jira issues created through the integration.
Notes:
Changes to a work item type will apply to all tickets that will be created for this Jira project.
Mend Work Item Types are pre-configured and cannot be customized.
Jira field types with pre-defined options, such as Dropdown, Multiple Selection, or List, aren’t supported for customization with Mend attributes.
Mend doesn’t support work item types with mandatory fields that cannot be set via the integration.
Supported Attributes List
Attribute Name | Format | Example Value(s) |
|---|---|---|
Org Name | Plain text | Mend |
Application Name | Plain text | Online Storefront |
Project Name | Plain text | frontend-ui |
Org UUID | Value, Key:Value | 3e4-54rff-546-654654, org_uuid: 3e4-54rff-546-654654 |
App UUID | Value, Key:Value | app_uuid: ab12-34cd-56ef |
Project UUID | Value, Key:Value | project_uuid: xy98-76zy-12wx |
Severity | Plain text | High, Medium, Low |
Violating | Value, Key:Value (Boolean) | true, Violating: true |
Fix Available | Value, Key:Value (Boolean) | true, Fix available: true |
Reachable | Value, Key:Value (Boolean) | true, Reachable: true |
Exploitable | Valu, Key:Value (Boolean) | true, Exploitable: true |
Malicious | Value, Key:Value (Boolean) | true, Malicious: true |
Scan Engine | Plain text | Dependencies (SCA), Code (SAST), Containers |
Created By | Contextual text | Manual: john.doe@mend.io, Workflow: Auto Remediation |
Onboard Mend Organizations
The Mend Integration for Jira Cloud supports connecting and managing multiple Mend organizations from a single Jira Cloud plugin. This provides a unified view and experience, enabling you to manage issue creation across various Mend organizations without switching between separate plugin instances.
Follow these steps to enable and configure the multi-org view within the Jira Cloud plugin:
After installing the Mend Integration for Jira Cloud, as described here, you’ll see the following screen:
On the Add an Organization page, add your activation key from the installation step into the Mend Platform Activation Key section.
Select which Vulnerability Notification Preference you prefer:
Create Issues: Using a pre-defined workflow from your organization in the Mend Platform, automatically create Jira issues for findings that meet the conditions of the workflow, or create issues manually.
Jira Security Dashboard (beta) - SCA Only: Monitor your Jira projects with a centralized view of security issues and risks across your organization.
Assign your Default Jira Cloud Project to where the issues will be created (Relevant only to “create issues” mode).
Click on Add Organization to activate the Mend for Jira Cloud plugin.