Set up the Jira integration | Fluid Attacks

Set up the Jira integration

Info on required permissions
Permissions required: To set up this integration, you need the permission “Administer Jira” on Jira Cloud.
After you have installed the Fluid Attacks app for Jira Cloud, follow these steps to set up the integration:
  1. Navigate to Manage apps, either from the notification you got after installation or from the menu accessible by clicking on the three points next to Apps in the left-side menu.
  2. Manage the connection between Jira and the Fluid Attacks platform

  3. Select Settings under Fluid Attacks in the left-side menu.
  4. Find the Fluid Attacks app settings on the Jira menu

  5. Enter an API token. To generate it, enter the user menu on Fluid Attacks' platform, click on API token and then Add token.
  6. Note on required role
    Note: To generate the API token your client role on Fluid Attacks’ platform must be either User, Vulnerability Manager or Group Manager.
  7. Carefully read Fluid Attacks' disclaimer. Please bear in mind that you are agreeing to Atlassian's data policies. Click on Confirm to proceed.
  8. Accept the Fluid Attacks disclaimer on the Jira app
    Idea
    If the screen seems to freeze after clicking Confirm, refresh the page to see whether the authentication was successful already.
  9. Go back to your project, click on the three dots next to the project name in the left-side menu, and choose Project settings.
  10. See Project settings to integrate Fluid Attacks and Jira

  11. Select Apps > Fluid Attacks from the left-side menu.
  12. Manage project settings on Jira to integrate Fluid Attacks

  13. Provide the same API token you used in step 2 and click on Connect.
  14. Click on the drop-down menu, select the group you want to integrate, and click on Save. You can choose only groups you have access to on Fluid Attacks' platform.
  15. Connect Fluid Attacks group with Jira
You can now go back to your project's main screen and click on Fluid Attacks from the project menu.
Access the Fluid Attacks app on your Jira project

In the app, if you are the Jira instance admin or have the permission "Administer Jira," you can see the reported vulnerabilities of the group you chose in step 8 with their details and the options to link to a Jira issue or create a Jira issue to link.
See vulnerabilities detected by Fluid Attacks from Jira

Note on required permissions
Note: To access linked vulnerabilities and request reattacks on Jira Cloud, you must have the permission to assign or be assigned issues.
Bear in mind that if you need to change the group for which you are viewing reported vulnerabilities, you have to navigate to Project settings > Apps > Fluid Attacks and select the desired group.

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.