Jira & InsightAppSec

Close the Loop Between Security 和 Application Development

Ever send a vulnerability report to your development team 和 have it go ignored for days, 甚至几周? Or perhaps you’re an application developer 和 a 100+ page PDF of “vulnerabilities” in your app leaves you at a loss for next steps. 太频繁, the close coordination required between security 和 development teams to effectively patch 和 remediate application security bugs is hindered by suboptimal delivery methods (Read: Gigantic, static PDF reports sent through email that get easily lost or forgotten).

For truly effective application security remediation, security 和 development teams must underst和 each others’ priorities, 工作流, 和流程. Having the right tools to enable this is especially critical, which is why Rapid7’s DAST (Dynamic 应用程序安全测试) tools, InsightAppSec 和 AppSpider Enterprise, both integrate with the Atlassian Jira ticketing system. 通过这个集成, application vulnerabilities are exported directly to Jira for immediate developer visibility. The result is pretty utopian: security 和 development teams moving forward in lock-step towards a stronger risk posture.

它是如何工作的

In InsightAppSec or AppSpider Enterprise, configure the Jira integration by supplying the URL, 登录凭证, 和 default project 和 issue type to the Jira server. 在InsightAppSec中, you can also map the vulnerability 状态 和 priority to corresponding Jira 状态es 和 priorities. The summary 和 description of the created tickets can also be customized. 一旦建立了集成, simply select vulnerabilities in InsightAppSec or AppSpider Enterprise 和 click the “Export to Jira” button to create corresponding tickets for each vulnerability.