
Sonatype for Jira

Jira is an issue-tracking tool that’s mainly used by software developers to prioritize bugs and improvements for their software applications.

  • Automatically creates tickets for violations found in your applications, within the Jira projects associated with those applications

  • Reports violations to development teams that are already using Jira

  • Automatically transitions tickets once the underlying violations have been remediated

Ensuring Quality

DevSecOps empowers development teams with ownership in deploying and monitoring their applications. Automation is the key to achieving the goals of developing your applications faster while ensuring the quality and security of the open-source components used in your application.

The Sonatype for Jira plugin provides automation in the creation and resolution of Jira tickets for open-source violations so your development teams can focus on application security. The plugin uses a webhook event from the IQ Server to trigger the creation of tickets when new policy violations occur.

Workflow Example

The following is an example workflow that shows how you can implement the Sonatype for Jira plugin in your organization to remediate faster and deliver secure applications.

1. Install

Install the Sonatype for Jira plugin from the Atlassian Marketplace

2. Configure

Configure the plugin and the IQ Server to send webhooks for new issues

3. Kick off a Build

Developers merge changes and kick off a build

4. Violations Found

The build runs and the policy evaluation finds vulnerabilities that violate the policy

5. Ticket Created

The plugin creates issues in the Jira project associated with the application

6. Investigate Fixes

Developers use Lifecycle to find lower-risk versions to upgrade to

7. Upgrade & Test

Upgrade to the optimal version, run unit and integration tests, and rebuild

8. Move to Done

The new build has no policy violations and the Jira issue is moved to 'Done'
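As an added example (not the plugin's own code, and not the IQ Server's real webhook payload format), the create-and-transition behaviour of steps 4 to 8 simulated in Python: a signed policy-violation event opens one Jira issue per violation, a later build with the same violation does not open a duplicate, and a violation that disappears after an upgrade has its issue moved to Done. The HMAC-SHA1 signature over the body with a shared secret, the event field names and the in-memory ticket store are all assumptions constructed for the example.

```python
import hashlib
import hmac

# Assumed: the IQ Server is configured with a webhook secret and signs each
# body with HMAC-SHA1; the header name it uses is not shown on this page.
WEBHOOK_SECRET = b"constructed-secret"

def sign_body(body: bytes) -> str:
    """Hex HMAC-SHA1 of the raw body, as the sender would compute it."""
    return hmac.new(WEBHOOK_SECRET, body, hashlib.sha1).hexdigest()

def verify_signature(body: bytes, signature_hex: str) -> bool:
    """Constant-time check to run before any ticket is created from a webhook."""
    return hmac.compare_digest(sign_body(body), signature_hex)

def violation_key(v: dict) -> str:
    # One issue per (policy, component): the same pair on a later build is the
    # same violation, so re-evaluations must not open duplicate tickets.
    return f"{v['policyName']}::{v['component']}"

def reconcile(event: dict, tickets: dict) -> dict:
    """Open issues for new violations and move remediated ones to Done.
    `tickets` maps violation key -> {"app", "status", "threat"} and is mutated
    in place; the returned dict lists which keys were opened or closed."""
    app = event["applicationId"]
    current = {violation_key(v): v for v in event["policyViolations"]}
    opened, closed = [], []
    for key, v in current.items():
        t = tickets.get(key)
        if t is None or t["status"] == "Done":  # new, or regressed after a fix
            tickets[key] = {"app": app, "status": "To Do", "threat": v["threatLevel"]}
            opened.append(key)
    for key, t in tickets.items():
        if t["app"] == app and t["status"] != "Done" and key not in current:
            t["status"] = "Done"  # violation gone from this build: step 8
            closed.append(key)
    return {"opened": sorted(opened), "closed": sorted(closed)}

# Constructed events for two builds of one application (not real IQ payloads).
BUILD_1 = {"applicationId": "webapp", "policyViolations": [
    {"policyName": "Security-High", "component": "example-lib:1.2.3", "threatLevel": 9},
    {"policyName": "License-Copyleft", "component": "other-lib:4.0.0", "threatLevel": 5}]}
BUILD_2 = {"applicationId": "webapp", "policyViolations": [
    {"policyName": "License-Copyleft", "component": "other-lib:4.0.0", "threatLevel": 5}]}

def demo() -> tuple:
    """Run both builds through the reconciler; build 2 upgraded example-lib."""
    tickets = {}
    return reconcile(BUILD_1, tickets), reconcile(BUILD_2, tickets), tickets

if __name__ == "__main__":
    print(demo())
```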