Jira Plugins

SecureFlag Knowledge Base for Jira Plugins

Contextual software security training for Jira issues, powered by the SecureFlag knowledge base.

This app responds to issues that mention security vulnerabilities, with a recommended lab and information from the SecureFlag Knowledge Base. Each reply includes an overview of everything a developer needs to know in order to understand and remediate a given type of vulnerability, including example code!

We know that not all developers are security professionals, so CWE (Common Weakness Enumeration) numbers for common vulnerabilities are mapped to the Knowledge Base, providing a description of the vulnerability that is quick and easy to use and apply.

Jira Cloud Plugin

Installation

Access the app on the Atlassian Marketplace.

Click the Get it now button and select the site on which you wish to install the app.

Admin Settings

Jira administrators can configure the app to control its availability based on specific projects, issue types, or labels.

Accessing the Configuration

  1. Navigate to Apps in the top navigation bar and select Manage your Apps.
  2. Locate the app in the list and click on it to open the details view.
  3. Click Configure to access the settings.

Configuration Options

The admin settings page provides the following options:
  1. Project Filter: Enable this toggle to restrict the app to specific projects.
  2. Issue Types & Labels Filter: Enable this toggle to restrict the app based on issue types or labels.
  3. Once a filter is enabled, use the corresponding multi-select dropdown to choose the applicable projects, issue types, or labels.



Saving the configuration

After selecting the desired filters, click Save to apply the settings.

Notes

Note: If a filter toggle remains off, the app is enabled for all options in that category by default.

Usage

Simply mention a software vulnerability by name or CWE number in an issue, in either the title or body, and the bot will reply. Common abbreviations are supported as well.

For example, either of the following issue texts:

    Hey, there's an XXE vulnerability here. Please fix ASAP.

    Hm, there is another XML Entity Expansion vulnerability. Please audit all HTML forms.

Mentions like these trigger a reply from the bot like the one shown below:


Jira Data Center Plugin

Installation

Before installing the plugin, check that your Jira instance can reach the knowledge-base-api.secureflag.com domain, which the plugin needs in order to work. An outbound firewall may block this connection. You can test it by running:

curl --silent -i https://knowledge-base-api.secureflag.com/vuln/extract/link --data '{}' | head -n 1

The above should return HTTP/2 400.
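A reusable pre-check, added here as an example and not part of the SecureFlag documentation, that wraps the curl command above, takes the optional proxy host and port from the plugin's Proxy Settings, and also accepts an HTTP/1.1 400 status line, since a proxy or an HTTP/1.1-only curl build reports the same 400 with a different version prefix:

```shell
#!/bin/sh
# Added example (not from the SecureFlag documentation): connectivity pre-check
# for the Knowledge Base API used by the Jira Data Center plugin.
KB_API_URL="https://knowledge-base-api.secureflag.com/vuln/extract/link"

# kb_status_line_ok STATUS_LINE
# Returns 0 when the first response line carries the expected 400 status,
# whatever the HTTP version ("HTTP/2 400" directly, "HTTP/1.1 400 Bad Request"
# through most proxies). Any other code, or an empty line, is a failure.
kb_status_line_ok() {
    case "$1" in
        "HTTP/"*" 400"*) return 0 ;;
        *) return 1 ;;
    esac
}

# kb_status_line [PROXY_HOST PROXY_PORT]
# Prints the first line of the API response, routed through the proxy when
# both host and port are given (mirrors the plugin's Proxy Settings).
kb_status_line() {
    if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
        curl --silent -i --max-time 10 --proxy "http://$1:$2" \
            "$KB_API_URL" --data '{}' | head -n 1 | tr -d '\r'
    else
        curl --silent -i --max-time 10 \
            "$KB_API_URL" --data '{}' | head -n 1 | tr -d '\r'
    fi
}

# kb_reachable [PROXY_HOST PROXY_PORT]
# Exit status 0 when the Knowledge Base API answers as expected, 1 otherwise.
kb_reachable() {
    line=$(kb_status_line "$@")
    if kb_status_line_ok "$line"; then
        echo "OK: Knowledge Base API reachable ($line)"
        return 0
    fi
    echo "FAIL: unexpected or empty response: '${line:-<none>}' (check firewall/proxy)" >&2
    return 1
}
```

Run `kb_reachable` with no arguments for a direct connection, or `kb_reachable proxy.example.internal 3128` to test through the proxy you intend to configure in the plugin.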

Installing directly on the Jira instance:
  1. Log in to your instance of Jira as an admin.
  2. Select the Settings dropdown menu (gear icon on the top right) and choose Manage apps.
  3. Select Find new apps from the left-hand menu.
  4. Once the screen loads, type SecureFlag Knowledge Base in the search bar to find the appropriate app version.
  5. Select Install and follow the prompts to install the app.

Alternatively, you can install the app via Atlassian Marketplace as follows:
  1. Click the Get it now button to download the plugin .obr file.
  2. Within Jira, open the Manage apps page (called Manage add-ons on older Jira versions): click the settings icon at the top right, choose Manage apps or Add-ons depending on your Jira version, then select Manage apps or Manage add-ons from the sidebar on the left.
  3. Click on the Upload app link. Then, click Choose File and navigate to where the knowledgebase-X.X.X.obr file was downloaded. Select it.
  4. Click Upload to install the plugin.
  5. A progress bar should be presented. Wait for Jira to finish installing the plugin.
  6. Done!

Admin Settings

Jira administrators can configure the app to control its availability based on specific projects, issue types, or labels.

Accessing the Configuration

  1. Navigate to Settings (the gear icon on the top right) in the top navigation bar and select Manage apps.
  2. Select Manage apps from the left navigation pane.
  3. Locate the app in the list and click on it to open the details view.
  4. Click Configure to access the settings.

Configuration Options

Plugin Visibility Settings

Admins can set the plugin visibility controls based on the following options:
  1. Project Filter: Enable this toggle to restrict the app to specific projects.
  2. Issue Types & Labels Filter: Enable this toggle to restrict the app based on issue types or labels.
  3. Once a filter is enabled, use the corresponding multi-select dropdown to choose the applicable projects, issue types, or labels.

Proxy Settings

In this section, admins can optionally configure proxy settings for the app with the following options:
  1. Proxy Enabled: Toggle this option on if your environment requires routing external requests through a proxy server.
  2. Host: Specify the hostname or IP address of the proxy server.
  3. Port: Enter the port number used by the proxy server to handle outgoing connections.



Saving the Configuration

After selecting the desired filters, click Save to apply the settings.

Notes

Note: If a filter toggle remains off, the app is enabled for all options in that category by default.

Usage

The plugin panel appears on the right-hand side of the issue view. It automatically attempts to find a relevant training article based on the content of the issue and displays the result there.



By default, the article shown is technology-specific; a different technology can be chosen from the dropdown.
