Jira Server and Data Center Integration
Learn how to integrate Jira Server or Jira Data Center with Cobalt. The availability of this feature depends on your PtaaS tier.
If your organization uses Jira Cloud, see Jira Cloud Integration.
Step 1: Connect the Jira Plugin
- In Cobalt, go to Integrations > Jira.
- Under What type of Jira setup are you using?, select Jira Server.
- Follow the instructions in the UI to install and connect the Cobalt for Jira DC/Server plugin.
- Return to the Cobalt app, and check the integration status. You should see your Jira instance on the Jira Integration page.
Step 2: Configure the Integration for a Pentest
- In Cobalt, go to Integrations > Jira > Configuration. Here, you can see pentests for which you can configure the integration.
- For the desired pentest, select the gear icon .
- In the overlay that appears, configure integration parameters:
- Jira Project
- Issue Type
- Labels to add to Jira issues
- State Mapping (Jira to Cobalt): Map Jira issue statuses to Cobalt finding states.
- Select Save.
How the Integration Works
Here’s what to expect once you’ve enabled the integration for a pentest:
- The Auto-Push option is enabled for a pentest by default. When a new finding in the Pending Fix state is reported, a new issue is automatically created in Jira. Learn more about how auto-push works.
- Pentest Team Members can push findings manually—if they’re not already synchronized. Learn how to push findings manually.
- Jira issue statuses are synchronized with Cobalt finding states according to your mapping settings.
You can manage Jira connections for specific pentests:
- View the connection status in Integrations > Jira > Configuration. Here, you can see the last synchronization time.
- Adjust the configuration for specific pentests if needed.
Mappings of finding fields to Jira issue fields (Cobalt → Jira Server/DC):
- Finding Title → Jira ticket title
- Pentest ID → Description - Cobalt URL
- Description → Description - Overview
- Affected URL(s) → Description - Browser URL
- Proof of Concept → Description - Steps to Reproduce
- Suggested Fix → Description - Suggested Fix
- Attachments → Attachments
The following parameters are not exported:
- Vulnerability Type
- HTTP Request
NoteYou can synchronize findings’ severity levels with Jira using the Cobalt Severity field. Learn more.
You can add attachments to Cobalt findings. To ensure that attachments are created properly on the Jira Server, verify the following:
- On the machine where Jira Server is installed, locate your
$JIRA_HOMEdirectory. Follow the Atlassian documentation on how to locate the Jira application home directory.
- The user must have permissions to:
- Create a
- Read and write files within the
- Create a
Delete the Integration
You can delete the integration with Jira.
- In Cobalt, navigate to Integrations > Jira, and then select Delete.
- In the Jira admin panel, uninstall the Jira plugin.
Here’s what to expect once you’ve deleted the connection:
- Data synchronization between Cobalt and Jira stops.
- All Jira configurations for specific pentests are deleted. If you decide to reestablish the connection, you need to reconfigure the integration for each pentest.