After completing the connection between Jira and Xray, you need to create a Jira Configuration profile. As there are different Jira projects for different teams, the configuration profile enables you to define specific criteria for the issued Jira ticket per Jira project, such as labels and custom mappings defined in the Jira project.
Note
If an issue type has a required field of any other type, that issue type will not appear in the “Issue Type” list on the profile configuration page. Xray supports the following Jira field types:
Short Text
Paragraph (Xray does not support rich text)
Drop Down
Check Box / Check Boxes
Labels
Number
Radio Buttons
Select List (multiple choices)
Select List (single choice)
Macros
Xray provides a list of Macros that you can map to the Custom Fields or Labels of the Jira Project. We resolve these Macros for a violation and assign the appropriate values to the custom fields as part of ticket creation. Here are the available macros:
Impacted Artifact
Impacted Component
Package Type
Vulnerability ID
Violation Type
Severity
Severity Source
JFrog Research Severity
CVE
CVSS V2 Vector
CVSS V2 Score
CVSS V3 Vector
CVSS V3 Score
CVSS V2 Access Complexity
CVSS V2 Attack Vector
CVSS V3 Attack Complexity
CVSS V3 Attack Vector
Fix Version
Watch Name
Policy Name
Triggered Rule
Component License ID
Fix Version Available?
CVE Applicable
Exposure Fix Cost
Example:
Suppose you have a Jira Project called “Xray” and would like to configure the “Security” issue type as a profile and create tickets under it for any violations. Here are the steps you would follow:
The issue type “Security” is configured as below.
Note the custom field “Severity” added to the context fields. “Severity” has the below configuration.
Now, while creating the profile, you select “Xray” as the project type and “Security” as the issue type. Xray automatically lists all the required mandatory fields; in this case, you can see “Severity” listed here.
In “Severity”, you will see two types of options to select: “Dynamic Value” and “Static Value.” These are the options to select an Xray Macro or one of the options you have set in the Jira Custom Field Configurations. Xray displays the most suitable macros based on your custom field configuration.
Assign the Xray macro “Severity” to the Jira custom field. As soon as you do this, a popup prompts you to provide a default value. When you map a macro to a mandatory custom field, we need a default value to use when creating the ticket. For example, a reported CVE may not have a Severity. In that case, what would you want to see in the Jira ticket?
You may also want to add a “Label” when Xray creates a ticket. Label is an optional field during ticket generation, so you must add it to the profile before you can edit it. Click “Add Optional Fields” and add Labels to the profile page.
You can select one of the Xray Macros, type in static text, or both. Note that white spaces are not allowed in Jira Labels; they are replaced by _ (underscores) in the Jira ticket.
To validate your configurations, try “Creating a test ticket.”
Save your profile.
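The following Python sketch is an added illustration, not JFrog's code. It models the behaviour described in the steps above: a macro mapped to a mandatory field falls back to its default value, and white space in labels is replaced by underscores. The profile layout, function names and sample violations are assumptions made for the example.

```python
import re

# Constructed sample violations; keys reuse macro names from the list above.
VIOLATIONS = [
    {"Severity": "High", "Violation Type": "Security", "Watch Name": "prod watch"},
    {"Severity": None, "Violation Type": "Security", "Watch Name": "prod watch"},
]

# Hypothetical profile layout (not Xray's storage format). Each field holds a
# list of parts: ("macro", name) is a Dynamic Value, ("static", text) a Static Value.
PROFILE = {
    "Severity": {"required": True, "default": "Unknown",
                 "parts": [("macro", "Severity")]},
    "Labels": {"required": False, "default": None,
               "parts": [("static", "xray violation"), ("macro", "Watch Name")]},
}


def lint_profile(profile):
    """Return mandatory fields that map a macro but have no default value."""
    return [name for name, spec in profile.items()
            if spec["required"] and not spec["default"]
            and any(kind == "macro" for kind, _ in spec["parts"])]


def resolve_part(part, violation, default):
    """Resolve one part: static text as-is, a macro from the violation or the default."""
    kind, value = part
    if kind == "static":
        return value
    resolved = violation.get(value)
    return resolved if resolved not in (None, "") else default


def render_ticket_fields(profile, violation):
    """Resolve every profile field for one violation into ticket field values."""
    fields = {}
    for name, spec in profile.items():
        values = [resolve_part(p, violation, spec["default"]) for p in spec["parts"]]
        values = [str(v) for v in values if v not in (None, "")]
        if name == "Labels":
            # Jira labels cannot contain white space; each one becomes an underscore.
            fields[name] = [re.sub(r"\s", "_", v) for v in values]
        elif values:
            fields[name] = values[0]
    return fields
```

Running lint_profile before saving a profile catches the case the default-value popup guards against, and render_ticket_fields previews what a ticket would carry for a given violation.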