1. Support Center
  2. Documentation
  3. Enterprise Edition
  4. Administration tasks
  5. Integrating with Jira

Integrating with Jira

If you use Jira to manage your projects, you can set up an integration with Burp Suite Enterprise Edition. Once configured, this enables you to create Jira tickets directly from the results of a scan. Integration with both cloud-based and server-based Jira installations is supported.

Note

If your Jira server is configured to use HTTPS, you need to make sure that it has a CA-signed certificate. Burp Suite Enterprise Edition does not currently support integration using self-signed certificates.

Creating your Jira API token (cloud only)

If you want to integrate a cloud-based Jira installation, you first need to create a Jira API token. This is used to authenticate communication with Jira. If you use a server-based Jira installation, you can skip this step.

  1. Log in to Jira as the user that you want to use for the integration. This must be a user that is authorized to create tickets. Remember this user because you will need to provide the credentials in Burp Suite Enterprise Edition in order to complete the integration.
  2. In Jira, click your user icon and open your account settings.
  3. On the account settings page, go to the "Security" section.
  4. Click "Create and manage API tokens" and then "Create API token".
  5. Enter a label for the token and click "Create".
  6. Copy the token to your clipboard and save it somewhere secure. Note that you will not be able to view or copy this token again once you close the popup.

Configuring the integration

To enable the Jira integration, you first need to configure some basic settings so that the Enterprise server and Jira can communicate. You also specify the Jira projects for which tickets can be created.

  1. Log in to Burp Suite Enterprise Edition as an administrator.
  2. Click the settings icon and select "Jira integration".
  3. Enter the URL for your Jira server. This is either your internal server URL for on-premise installations or the URL of your cloud server.
  4. For cloud-based Jira installations, enter the email address and the API token of a Jira user that is authorized to create tickets. For server-based Jira installations, enter the username and password of a user that is authorized to create tickets.
  5. Click "Connect to Jira". If the connection was successful, a message will inform you of this and the options for configuring your Jira settings will appear on the screen. Otherwise, an error message will inform you that the connection could not be established.

Configuring manual Jira ticket creation

After you have successfully connected to your Jira server, you can specify the Jira projects and ticket types for which users can create tickets from Burp Suite Enterprise Edition.

  1. Log in to Burp Suite Enterprise Edition as an administrator. Click the settings icon and select "Jira integration".
  2. Under "Manual ticket creation", use the drop-down lists to select the relevant Jira projects and ticket types. You can add as many new entries as necessary.
  3. When you're finished, click "Save".

Configuring automatic Jira ticket creation

After you have successfully connected to your Jira server, you can choose whether you want Burp Suite Enterprise Edition to automatically create Jira tickets for new issues that are discovered during scans. You can control which issues are considered new by adjusting the scan delta settings on the "Sites and scan data" settings page.

  1. Log in to Burp Suite Enterprise Edition as an administrator. Click the settings icon and select "Jira integration".
  2. Under "Automatic ticket creation", use the switch to enable this setting.
  3. Use the drop-down lists to select each project and ticket type. Use the sliders to specify the minimum severity and confidence level for which Burp Suite Enterprise Edition should automatically create Jira tickets for the selected project.
  4. When you're finished, click "Save".

Note

Please keep in mind that even tickets that were created automatically by Burp Suite Enterprise Edition will need to be processed manually in Jira. We recommend being conservative with automatic ticket creation until you have a better understanding of how many tickets will be generated. Otherwise, you might unintentionally clutter your Jira backlog with an overwhelming number of tickets.

Settings for automatically creating Jira tickets

Manually creating Jira tickets

Once you have configured the integration with Jira, users can manually create tickets for issues, or link an issue to an existing ticket, directly from the scan results. You can link an issue to multiple Jira tickets.

  1. Log in to Burp Suite Enterprise Edition.
  2. Open the issue for which you want to create a ticket.
  3. In the upper-right corner of the screen, click the "Link to Jira" button.
  4. In the popup that appears, select whether you want to create a new ticket in Jira or link to an existing one. To link to an existing ticket, you need to enter the exact ticket number.
  5. Select the project and ticket type. This is based on the list of combinations that the administrator created when configuring the Jira integration.
  6. Confirm your settings.

A ticket containing a link to the issue and some basic information about it is added to the Jira project backlog. In Jira, you can now assign the issue to a sprint or other project workflow as you would any other ticket. In Burp Suite Enterprise Edition, the issue now contains a "Linked Jira ticket" tab, where you can choose to unlink the ticket. However, please be aware that when you unlink a ticket from an issue, the ticket still exists in Jira and must be closed manually.

Note

The HTTP requests and responses for issues are currently not included automatically in the Jira ticket. Although a link to the issue is provided, if the developer assigned to investigate the issue does not have access to a Burp Suite Enterprise Edition account, you may need to download the HTML report and attach it to the Jira ticket manually.