1. Support Center
  2. Documentation
  3. Enterprise Edition
  4. How do I
  5. Integrate with Jira

Integrate with Jira

If you use Jira to manage your projects, you can integrate Jira with Burp Suite Enterprise Edition. Once configured, this enables you to create Jira tickets directly from Burp when reviewing the results of a scan. Burp supports integration with both cloud-based and server-based Jira installations.

Note: If you enabled the "Use TLS" option in your Burp network settings, you need to make sure that you're using a CA-signed certificate. Jira integration is currently not supported for self-signed certificates.

Creating your Jira API token (cloud only)

If you want to integrate a cloud-based Jira installation, you first need to create a Jira API token. This is used to authenticate communication between Jira and Burp. If you use a server-based Jira installation, you can skip this step.

  1. Log in to Jira as the user that you want to use for the integration. This should be the same user that you will enter in Burp later and must be a user that is authorized to create tickets.
  2. In Jira, click the user icon in the left-hand navigation bar to open your account settings.
  3. On the account settings page, open the "Security" section.
  4. Click "Create and manage API tokens".
  5. In the navigation bar, click "API tokens" and then "Create API token".
  6. Enter a label for the token and click "Create".
  7. Copy the token to your clipboard and save it somewhere secure. Note that you will not be able to view or copy this token again once you close the popup.
Creating a Jira API token

Configuring the integration

To enable the Jira integration, you first need to configure some basic settings so that Burp and Jira can communicate. You also make a few basic settings to determine which Jira projects can be accessed from within Burp.

  1. Log in to Burp Suite Enterprise Edition as an administrator.
  2. From the burger menu, go to "Settings" > "Jira integration".
  3. Under "Jira system", enter the URL for your Jira server. This is either your internal server URL or the URL of your cloud server depending on your installation.
  4. For cloud-based Jira installations, enter the email address and the API token of a Jira user that is authorized to create tickets. For server-based Jira installations, enter the username and password of a user that is authorized to create tickets.
  5. Click "Connect to Jira". If the connection was successful, the screen indicates this. Otherwise, check your settings and try again.
  6. Under "Manual ticket creation", you can specify the projects for which you want users to be able to create tickets in Burp. You can also limit which ticket types users can create for each project. To add multiple ticket types for the same project, you will need to add a new line for each ticket type.

Configuring automatic ticket creation

On the "Jira integration" settings page, under "Automatic ticket creation", you can choose whether you want Burp to automatically create Jira tickets for issues it has not seen before. You can choose which severity and confidence levels trigger automatic ticket creation. By default, tickets will be automatically created for new issues with a high severity and certain confidence level.

In the scan delta settings, which you can adjust on the "Sites and scan data" page, you can also configure what Burp counts as a new issue for this purpose. By default, this will be based only on the site and issue type. This means, for example, that if an SQL-injection issue has already been reported for a site, then Burp will not create a ticket for any subsequent SQL-injection issues found anywhere on the site. However, you can adjust the settings so that Burp also considers the URL when determining what counts as a new issue. In the example above, this would mean that even if an SQL-injection issue had already been found for the site, Burp would create a separate Jira ticket if another SQL-injection issue was found at a different URL.

Note: Please keep in mind that even tickets that were created automatically by Burp will need to be processed manually in Jira. We recommend being conservative with automatic ticket creation until you have a better understanding of how many tickets will be generated. Otherwise, you might unintentionally clutter your Jira backlog with an overwhelming number of tickets.

Settings for automatically creating Jira tickets

Manually creating Jira tickets from Burp

Once you have configured the integration with Jira, users can manually create tickets for issues, or link an issue to an existing ticket, directly from the scan results in Burp. You can link an issue to multiple Jira tickets.

  1. Log in to Burp Suite Enterprise Edition.
  2. Open the issue for which you want to create a ticket.
  3. In the upper-right corner of the screen, click the "Link to Jira" button.
  4. In the popup that appears, select whether you want to create a new ticket in Jira or link to an existing one. To link to an existing ticket, you need to enter the exact ticket number.
  5. Select the project and ticket type. This is based on the list of combinations that the administrator created when configuring the Jira integration.
  6. Confirm your settings.

A ticket containing a link to the issue and some basic information about it is added to the Jira project backlog. In Jira, you can now assign the issue to a sprint or other project workflow as you would any other ticket. In Burp, the issue now contains a "Linked Jira ticket" tab, where you can choose to unlink the ticket. However, please be aware that when you unlink a ticket from an issue, the ticket still exists in Jira and must be closed manually.

Note: The HTTP requests and responses for issues are currently not included automatically in the Jira ticket. Although a link to the issue is provided, if the developer assigned to investigate the issue does not have access to a Burp Suite Enterprise Edition account, you may need to download the HTML report and attach it to the Jira ticket manually.