Automatically send vulnerabilities to Jira

Overview

You can connect Helm to Jira to automatically send vulnerabilities from selected products. These will be stored in the Jira security board. You can then decide which to convert into Jira tickets, stories, etc.

The Jira integration allows security teams to bridge the gap between vulnerability management in Helm and project management in Jira. This integration automatically synchronizes vulnerability data from your Helm-monitored products into your Jira instance, where they appear as security information that can be linked to development work.

What You'll Need

Before getting started, ensure you have:

• Jira Cloud instance with admin permissions

• Helm API credentials or bearer token

• Organization identifier from Helm

Installation and setup

1. Install the Helm Security app

1. In your Jira instance, navigate to Apps > Find new apps.

2. Search for "Helm Security" and install the app. The app will request permissions to access your Jira security information.

2. Configure the integration

1. After installation, go to Apps > Manage apps > Helm Security.

2. Click Configure to access the setup page.

3. You'll need to provide:

   • Your Helm API credentials or bearer token

   • Organization identifier from Helm

3. Associate Helm products with Jira projects

1. In the configuration interface, select which Helm products should sync with which Jira projects

2. Each Helm product becomes a "container" that can be associated with one or more Jira projects

3. Save your configuration to begin synchronization

Using the integration

View vulnerabilities in Jira

Once configured, vulnerabilities will appear in the security section of your Jira projects:

1. Navigate to any associated Jira project.

2. Look for the Security tab or section.

3. Vulnerabilities from the linked Helm products will be listed with:

   • CVE identifier

   • Severity level

   • Affected component

   • Description

   • Remediation guidance

Create Jira issues from vulnerabilities

1. From the Jira security board, select any vulnerability.

2. Click Create Issue or Link to Issue.

3. Choose the issue type (Story, Task, Bug, etc.).

4. The vulnerability details will be automatically populated.

5. Assign to team members and set priority as needed.

Vulnerability updates

• Vulnerabilities are synchronized on a regular schedule.

• New vulnerabilities automatically appear in Jira.

• Resolved vulnerabilities are updated to reflect their status.

• Each vulnerability includes an update sequence number for tracking changes.

Key features

Automatic synchronization

• Vulnerabilities are automatically sent from Helm to Jira.

• Updates occur regularly to keep information current.

• No manual intervention required once configured.

Vulnerability tracking

• Each vulnerability is identified by its CVE ID.

• Track remediation progress directly in Jira.

• Link vulnerabilities to development work items.

Jira Security Board integration

• Vulnerabilities appear alongside other security tools.

• Consistent interface with existing Jira security features.

• Standard Jira workflows apply to vulnerability management.

Managing the Integration

Once configured, you can:

• Monitor synchronization: View sync status and history in the Helm Security app settings

• Modify associations: Add or remove product-to-project associations

Workspaces and containers

• Workspaces correspond to your organizations in Helm

• Containers correspond to your organization's products or product versions

• During setup, you associate specific Helm products with Jira projects

Best practices

Organization

• Associate related products with the same Jira project for better oversight.

• Use consistent naming conventions for created issues.

• Tag vulnerability-related issues for easy filtering.

Workflow integration

• Create templates for common vulnerability types.

• Set up automation rules for high-severity vulnerabilities.

• Establish clear assignment rules for security issues.

Troubleshooting

Common Issues

• Vulnerabilities not appearing: Check API credentials and product associations.

• Outdated information: Verify the synchronization schedule is active.

• Permission errors: Ensure the Helm app has proper Jira permissions.

Support

If you encounter issues with the Jira integration:

1. Check your Helm API credentials are valid.

2. Verify product associations are correctly configured.

3. Contact support with your Jira instance details and error messages.

Security considerations

Data privacy

• Only vulnerability metadata is shared with Jira.

• No sensitive application code or internal details are transmitted.

• Data transmission uses secure JWT tokens.

Access control

• Jira project permissions control who can view vulnerabilities.

• Standard Jira security models apply to vulnerability data.

• Configure appropriate user groups for security information access.

Limitations

• Remediation actions must be performed in Helm.

• Two-way synchronization is not currently supported, but is under active investigation.