Automatically create issues from vulnerability reports

Automatically create issues from vulnerability reports

You can use Jira automations to create new issues whenever a vulnerability is reported. Follow these steps:
  1. Go to project settings, and enter the automation menu.

  2. Create rule

  3. Add an Incoming webhook trigger and select the “No issues from the webhook” option.

  4. Copy the URL and head over to the Scope menu of your group on the platform. Scroll to the “Hooks” section and add a hook using the URL copied previously.

  5. Add an action to create a new issue filling the fields as needed.

  6. You can use the following variables provided by the webhook:

    • finding_id

    • finding_title

    • group_name

    • severity_score

    • vulnerability_id

    • vulnerability_specific

    • vulnerability_where

    Optionally you can add a condition in the automation, for instance, you can only create new issues for critical vulnerabilities.

    If you prefer to group the vulnerability reports into a single issue per type, you can use a flow like the following:

    First, add a condition to look for existent issues, if there are none, proceed to create the issue.

    Otherwise, add a comment.

    You can also explore other issue actions available, such as creating subtasks or editing the issue body.