Sending Dash Compliance Events To JIRA
Dash allows teams to extend compliance by connecting Dash compliance events into JIRA and other task management solutions. Dash customers can send compliance events into JIRA and manage Dash compliance tasks alongside their ordinary security and DevOps workflows.
What Will You Need?
- Dash ComplyOps v1.9.0 or greater – See how to update to latest version of Dash
- About 10 minutes of time
JIRA Requirements
In order to send compliance issues to JIRA, your team must have a board already created inside of your instance of JIRA.
As of v2.7.7, the following requirements and support configurations for JIRA boards may be utilized.
JIRA Account: Currently Dash only supports connection to JIRA accounts that have the language set to English.
Supported Board Types: The following types of JIRA boards can be connected and receive compliance issues from Dash. Your team must use one of the following board types to receive Dash compliance issues.
- Kanban team managed board
- Kanban company managed board
- Scrum team managed board
- Scrum company managed board
Required Board Issue Types: Dash compliance issues are sent as cards with a specific issue type. The Jira board you connect to Dash, must have the following Issue Types. Ensure the the board you connect to Dash supports the following Issue Types.
- Story
- Task
- Subtask
API Token: In order to connect Dash to your JIRA application, you will need to create an API token (key) associated with a specific JIRA user. This token creation is described in Step #3 and #4 below.
It is important to note that this token should be created and associated with a user with the following requirements.
- The API Token must be created from a user with access to the Jira board (you will connect to Dash).
- The User must have the ability to create tickets in the JIRA board that will be connected.
Instructions
- In Dash ComplyOps, navigate to the Action Center.
- The page should look like this:
3. Before continuing, ensure that you have a JIRA board configured that you would like to send Dash issues to. You may consider the following when connecting Dash to JIRA:
- Dash will automatically send issues to the Backlog of the JIRA board you define.
- Dash issues can be sent to both Scrum and Kanban based JIRA boards defined in the above “JIRA Requirements” Section.
- Compliance Issues – Will send compliance issues from the Dash Compliance Center to the assigned JIRA board when they are created.
3. Under Outputs click “Configure JIRA”
4. Scroll down to the Jira Integration Section and click “Add Jira Application Link”
3. You will then be prompted to enter in the following:
- JIRA Host – This is the URL or address of your JIRA application, for example dash.atlassian.net.
- JIRA User Email – This is the email Dash will use to authenticate the connection with JIRA. Ensure that this user email has access to the JIRA board(s) you will be connecting Dash with.
- JIRA API Key – This is the API Key associated with the JIRA account and authentication. You can click the “Create API Key” button to generate an API Key for this field.
4. To create a JIRA API Key, click the “Create API Key” link.
You will see a screen similar to this:
5. Click the Create API token button.
6. Enter in a Label name and click the Create button.
7. Copy your API token by clicking the Copy button.
8. Paste the API token into the JIRA API Key field in Dash. Complete all fields, and then click Validate Connection.
9. You will now see options to “Create Compliance Issues”.
Enable this switch. Once this option is enabled, select the JIRA board(s) you would like to send the Dash issues to. If you create a new JIRA board, you may need to refresh the webpage to see the new board in the options.
JIRA Options:
Create Compliance Issues – Enable/disable sending of newly created/rediscovered Compliance Center issues to JIRA.
Create SecurityHub Issues – Enable/disable sending of newly created/rediscovered SecurityHub connected Compliance Center issues to JIRA. (This may create many JIRA cards)
Select JIRA Board for Compliance Issues – Select a JIRA board to send Issues to (Currently only Classic JIRA projects are supported. Next-gen Projects are not currently supported)
Send Sample Issue – Test the JIRA connection by clicking this button. A single JIRA cards should be created in the selected JIRA board.
Send All Issues – For teams that have many previous compliance center issues they would like to send to JIRA. This button can be used to send All current issues and cards over to the JIRA board.
Just as a reminder:
Compliance Issues will send compliance issues from the Dash Compliance Center to the assigned JIRA board when:
- A new Dash Compliance Center issue is discovered/created
- A resolved Dash Compliance Center issue is rediscovered by Dash
Viewing Dash Compliance Issues In JIRA
1. After connecting your JIRA service and enabling creation of Dash Compliance Issues and/or Policy Issues, future issues will be created as cards on the defined JIRA boards. (You may not see issues until scans find new compliance issues)
2. To view Dash Issues in JIRA – Login to JIRA – Navigate to the defined JIRA Board
3. Dash will create a JIRA Issue (Card) in the board Backlog for each Dash compliance issue as it occurs. You can view these issues in Scrum and Kanban JIRA boards.
For Compliance Issues:
Compliance Issues from Dash, such as issues around networking, encryption, and backup issues show up as issues in your JIRA Backlog. We can see this our Backlog section of our Kanban board or on the Backlog Page of our Scrum Board.
You can click on individual Compliance Issue to view additional context and navigate to issues in Dash ComplyOps. Each Compliance issue will have nested subtasks for each issue object affected by the issue.
In this way your team can track and manage issues with multiple affected resources/objects.
Your team can manage Compliance Issues in your JIRA workflow, similar to any other issues. When future Compliance issues are created in the Dash Compliance Center, they will be added to the Backlog for the defined JIRA board.