Jira Integration
Connect your Jira instance to CodeStax to create and track remediation tickets directly from SCA vulnerability findings.
Connecting Jira
Navigate to SCA > Jira and provide the following:
- Jira Base URL — Your Atlassian instance URL (e.g., https://yourorg.atlassian.net).
- Project Key — The Jira project where tickets will be created (e.g., SEC).
- API Token — A Jira API token generated from your Atlassian account settings. This is stored encrypted at rest.
- Assignee Email (optional) — Default assignee for new tickets.
Click Test Connection to verify credentials before saving.
Creating Tickets from Vulnerabilities
Single Ticket
From any vulnerability row in the SCA results table, click the Create Jira Ticket button. The ticket is pre-populated with:
- Summary — CVE ID and affected package name.
- Description — Severity, installed version, fixed version, advisory link, and remediation guidance.
- Priority — Mapped from vulnerability severity (see below).
Bulk Ticket Creation
Select multiple vulnerabilities using the checkboxes, then click Bulk Create Tickets. One ticket is created per selected vulnerability. A progress indicator shows creation status.
Ticket Contents
Each Jira ticket includes:
| Field | Value |
|---|---|
| CVE ID | e.g., CVE-2024-1234 |
| Severity | Critical, High, Medium, or Low |
| Package | Package name and installed version |
| Fix Version | The minimum version that resolves the vulnerability |
| Advisory URL | Link to the NVD or GitHub advisory |
| CVSS Score | Numeric score when available |
Viewing Linked Tickets
The Jira column in the SCA results table shows linked ticket keys (e.g., SEC-142). Click any key to open the ticket in Jira. A status badge displays the current Jira status (To Do, In Progress, Done).
Priority Mapping
Vulnerability severity maps to Jira priority automatically:
| Severity | Jira Priority |
|---|---|
| Critical | Highest |
| High | High |
| Medium | Medium |
| Low | Low |
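
The ticket fields and severity mapping above, expressed as the JSON body for Jira's REST create-issue endpoint (POST /rest/api/2/issue). This is an added example, not CodeStax's own code; the finding dictionary keys, the Task issue type and the sample findings are assumptions made for illustration.

```python
import json

# Severity -> Jira priority, copied from the Priority Mapping table.
PRIORITY_BY_SEVERITY = {"critical": "Highest", "high": "High",
                        "medium": "Medium", "low": "Low"}


def build_issue_payload(finding, project_key, issue_type="Task"):
    """Return the POST /rest/api/2/issue body for one finding.

    `finding` keys and the default issue type are hypothetical.
    """
    severity = str(finding["severity"]).strip().lower()
    if severity not in PRIORITY_BY_SEVERITY:
        # Fail closed: an unmapped severity must not become a silent default.
        raise ValueError(f"unmapped severity: {finding['severity']!r}")
    lines = [
        f"CVE ID: {finding['cve_id']}",
        f"Severity: {severity.capitalize()}",
        f"Package: {finding['package']} {finding['installed_version']}",
        f"Fix Version: {finding['fix_version']}",
        f"Advisory URL: {finding['advisory_url']}",
    ]
    # CVSS Score appears only when the finding carries one.
    if finding.get("cvss") is not None:
        lines.append(f"CVSS Score: {float(finding['cvss']):.1f}")
    return {"fields": {
        "project": {"key": project_key},
        "issuetype": {"name": issue_type},
        "summary": f"{finding['cve_id']} in {finding['package']}",
        "description": "\n".join(lines),
        "priority": {"name": PRIORITY_BY_SEVERITY[severity]},
    }}


def build_bulk_payloads(findings, project_key):
    """One payload per selected finding, as in bulk ticket creation."""
    return [build_issue_payload(f, project_key) for f in findings]


# Constructed sample findings, not real scan output.
SAMPLE = [
    {"cve_id": "CVE-2024-1234", "severity": "Critical", "package": "examplelib",
     "installed_version": "1.2.0", "fix_version": "1.2.5", "cvss": 9.8,
     "advisory_url": "https://advisory.example/CVE-2024-1234"},
    {"cve_id": "CVE-2024-1234", "severity": "low", "package": "otherlib",
     "installed_version": "0.4.1", "fix_version": "0.4.2",
     "advisory_url": "https://advisory.example/CVE-2024-1234"},
]

if __name__ == "__main__":
    print(json.dumps(build_bulk_payloads(SAMPLE, "SEC"), indent=2))
```
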
Best Practices
- Use a dedicated Jira project for security findings to keep them organized and apply project-level automation.
- Set up Jira automation rules to notify developers when tickets are assigned.
- Combine with SLA policies so that Jira due dates align with your remediation deadlines.
- Use bulk creation after scans to quickly triage and assign new critical and high findings.
- Close tickets in Jira once the fix is verified by a subsequent scan; CodeStax does not auto-close tickets.
- Limit API token scope to the specific project for least-privilege access.