Introducing Snyk Auto-Issues for Jira: a new open source application for automated issue creation

One of the things I’ve grown accustomed to as a developer is fiddling around with new languages or frameworks I find interesting. So naturally, working with our partners to launch Snyk Apps is right in my wheelhouse. At work and on my own time, I enjoy trying to build something that others might find interesting or useful. As a Jira user myself, I decided to take a look at Atlassian’s Forge platform and see what I could do with it.

While experimenting with Forge, I decided to cover a Snyk use case that would make my life easier. I built a new Atlassian Jira App: Snyk Auto-Issues for Jira. This is a straightforward open source application, which automatically creates new Jira issues for security vulnerabilities that Snyk discovers within code, dependencies, containers, configuration files, and more. It’s similar to Snyk’s existing integration, where, once connected, you’re able to manually click a button in the Snyk UI to open an issue in your Jira instance. The difference here is that this application automates the process by leveraging Snyk webhooks.

Additionally, Snyk is included in Atlassian’s new Jira toolchain page, which is a new way to easily discover, connect to, and visualize your software development tools in Jira. 

With the Jira toolchain page, customers are able to:

• Understand where each of their tools fit in the software development lifecycle (SDLC)
• Identify potential tooling gaps as DevOps processes evolve
• Discover new tools and Jira integrations to address any gaps

Altogether, these capabilities will help organizations implement an end-to-end development process for delivering high-quality, secure software faster than ever. 

Snyk’s partnership with Atlassian

Snyk is already a featured partner of the Atlassian Open DevOps initiative, which integrates more than 40 DevOps tools, to help developers bring application security into their existing DevOps toolchains. 

For example, the Bitbucket Cloud integration embeds Snyk’s vulnerability scanning capabilities directly into the Bitbucket Cloud platform. Receiving Snyk insights within existing Bitbucket workflows makes it easier for development teams to find and fix vulnerabilities in open source dependencies and container images.

Let’s take a closer look at how the Snyk Auto-Issue for Jira Cloud app brings additional developer-first security capabilities to the Atlassian ecosystem.

How Snyk Auto-Issue for Jira Cloud works

As previously mentioned, Snyk Auto-Issues for Jira is a Jira Cloud application built with Atlassian’s Forge development platform. It subscribes to a webhook configured within Snyk to automatically pull vulnerability scan results, and create new Jira issues for any vulnerabilities that are discovered.

Within the platform, you can map Jira projects to track specific Snyk projects. This can be used for one-to-one project mapping, or a single Jira project can monitor multiple Snyk projects. Once this is set up, issues will be created on the Jira board for newly discovered security issues.

The integration also gives organizations the flexibility to limit Jira ticket creation depending on the  severity of the vulnerability.l Snyk’s severity scores are: low, medium, high, and critical. This helps development teams prioritize vulnerability remediation to have the greatest impact on an application’s security posture.

Lastly, Snyk Auto-Issues for Jira allows users to select one of their defined issue types to use as the template for any new issues the application creates. If you prefer that new vulnerabilities be created as Tasks, Bugs, or something entirely custom, you’ll be able to configure it.

Try the Snyk Jira App today

With this open source application, Jira admins can streamline and automate the tracking of new security issues from within their Jira dashboards. This enables organizations to more easily manage the development and delivery of secure applications. Snyk Auto-Issues for Jira requires a Snyk subscription, but you can start a free 14 day trial today — no strings, no credit card required. All you need to do is log in to your Snyk account, request a free Snyk Business plan trial, and then sign up for the new Jira application for free in the Atlassian Marketplace.

Since this is an open source, community-driven integration, all the development and documentation happens here on GitHub. If you’re interested in contributing new features, fixing bugs, or are simply reviewing the source code, please stop by and take a look!