Integrating with Jira has always been an important piece of integrating HackerOne into the SDLC of our customers. HackerOne’s bi-directional Jira integration is currently in use by many of our customers and today we’re announcing how it’s getting even better.
Building on the bi-directional Jira integration, we’re launching six major improvements that will help to automate your work and will save time while focusing on getting vulnerabilities fixed.
Choosing between multiple projects
When your engineering team grows, teams start to split off their work into separate projects. It can be challenging to get the issues in the right hands if you can’t specify where you want to escalate the reports to. That’s why we’ve added the ability to select the Jira project you want to send the issue to.
Support for additional fields
We’ve completely revamped our report escalation template to be more flexible when it comes to escalating an issue to Jira. The new template will automatically pull all fields from your Jira instance when specifying the issue type. This allows you to natively map all fields you have in Jira to a value from the HackerOne report.
While escalating an issue to Jira is already fully automated and requires only a click on a button, there’s still one thing that wasn’t automatically sent over: attachments. From now on, you can opt-in to synchronize attachments from the HackerOne report to Jira as well. This will reduce the amount of manual work before getting an issue in your developer’s hands, and it will even keep synchronizing if new updates or attachments are added.
Automated report closure
While solving the issue in Jira is one step, solving the report in HackerOne was another. Those days are now gone! You can now select which Jira state should result in the closure of the HackerOne report. This will help you speed up the process and bring down the time to resolution by taking away all manual steps.
Severity to Priority mapping
HackerOne’s severity scores are coming to Jira! Every company has its own way of prioritization and Jira is flexible into what can be used to set priorities. We’re introducing a Severity to Priority mapping that allows you to map HackerOne severity ratings to the priority fields you have in your Jira. When escalating a report to Jira, the right priority will automatically be set based on the severity of the report in HackerOne.
Link reports to an existing issue
Vulnerabilities can be coming from multiple sources, as we’re tapping directly into your development life cycle we feel it’s important to allow you to map issues back to HackerOne when a report gets submitted that’s already a known issue. That’s why we introduced the ability to link a HackerOne report to an existing issue, rather than being forced to create a new issue all the time. Updates will come in as usual, and all features above can be applied to these issues as well.
All Jira improvements are available immediately for our Professional and Enterprise customers. All features listed above are optional features and can be turned on or off per feature. We’ve updated our documentation as well to reflect all new options that are available for the Jira integration.
We’re always looking to improve our platform. Keep an eye on our blog, and please let us know if you have feedback or suggestions.