What is it?
Our Jira integrations provide highly relevant and bite-sized learning on secure coding techniques directly within the issues you are working on. The learning content is offered in a variety of programming languages and frameworks.
Jira is an issue and bug tracking tool by Atlassian. It is very popular among developers and is used widely to manage agile delivery of software projects. See: https://www.atlassian.com/software/jira
It is offered as:
- Jira Cloud - The cloud SaaS version of the issue tracker
- Jira Server - The on-premise version of Jira for enterprises (no new license sales, approaching end of support - please refer to this page from Atlassian for detailed information)
- Jira Data Center - A highly scalable on-premise version of Jira for enterprises
Why did we build this?
To help developers resolve vulnerabilities faster and learn secure coding continuously.
By bringing the relevant content to you when and where you need it, our integrations become part of the solution helping you stay in the flow rather than just scanning the code and showing problems without any help to solve them.
Ultimately, by learning continuously, you build skills to write secure code from the start - reducing vulnerabilities in the codebase.
How does it work?
When users or scanning tools create issues containing vulnerability information, our integration scans the text content and uses our Direct Linking API to fetch the most relevant content containing vulnerability descriptions, explainer videos, and links to relevant code exercises. This content is shown under the Detail pane of the Jira Issue.
The vulnerability information in the issue may be present in the title, description, label, or a configured custom field in Jira. The integration can detect Common Weakness Enumeration (CWE) or Open Web Application Security Project (OWASP) references as well as common vulnerability names and phrases.
Installation and configuration
The Jira plugin can be downloaded from the Atlassian Marketplace.
Installation steps specific to the product that you use can be found under the Installation tab on the marketplace.
What data is sent and stored by the integration?
What is sent to SCW and collected?
- Generic usage stats (opens, clicks) with source information (Cloud instance hostname or organization name as obtained from Jira license)
Matched vulnerability information without source information so that we can identify the gaps in our learning content coverage
What is sent to SCW but not collected?
- Only the matched reference information from the issue titles, description and labels are sent to SCW to identify the learning resources but discarded after content is returned in the response
- Overview: https://www.securecodewarrior.com/products/scw-for-jira
- Atlassian Marketplace: https://marketplace.atlassian.com/apps/1221320/secure-code-warrior-for-jira
- Jira Cloud Configuration Guide: https://help.securecodewarrior.com/hc/en-us/articles/900000782363
- Jira Server/Data Center Configuration Guide: https://help.securecodewarrior.com/hc/en-us/articles/900000796646