SecureFlag ThreatCanvas for Jira

AI-powered threat modelling -- for Jira Cloud and Jira Data Center! 

​

SecureFlag ThreatCanvas for Jira Cloud and Jira Data Center enables developers to easily generate threat models from issues describing new features or changes to be made. ThreatCanvas does the bulk work for them and lets them focus on the unique threats to the application.

ThreatCanvas for Jira Cloud

ThreatCanvas for Jira Data Center

ThreatCanvas for Jira Cloud

Installation

Access the app via the Atlassian marketplace here .

Click the Get it now button and select the site on which you wish to install the app.

Admin Settings

Jira administrators can configure the app to control its availability based on specific projects, issue types, or labels.

Accessing the Configuration

1. Navigate to Apps in the top navigation bar and select Manage your Apps.
   
   
   
   
   
   
   
   
2. Locate the app in the list and click on it to open the details view.
   
   
3. Click Configure to access the settings.
   
   
   
   
   
   
   
   

Configuration Options

The admin settings page provides the following options:

1. Project Filter: Enable this toggle to restrict the app to specific projects.
2. Issue Types & Labels Filter: Enable this toggle to restrict the app based on issue types or labels.

Once a filter is enabled, use the corresponding multi-select dropdown to choose the applicable projects, issue types, or labels.

Saving the Configuration

After selecting the desired filters, click Save to apply the settings.

Note: If a filter toggle remains off, the app will be enabled for all options in that category by default.

Usage

On an issue describing a feature or change, find SecureFlag ThreatCanvas on the right hand side and expand it. Wait for the Launch button to appear, then just press it to get your threat model!

ThreatCanvas for Jira Data Center

Installation

Ensure your Jira instance can make requests to www.secureflag.com in case you have a firewall.

Installing directly on the Jira instance:

1. Log in to your instance of Jira as an admin.
2. Select the Settings dropdown menu (gear icon at the top right) and choose Manage apps.
3. Select Find new apps from the left-hand menu.
4. Once the screen loads, you can type SecureFlag ThreatCanvas in the search bar to find the appropriate app version.
5. Select Install and follow the prompts to install the app.

Alternatively, you can install the app via Atlassian Marketplace as follows:

1. Click the Get it now button to download the plugin .obr file.
2. Within Jira, navigate to the Manage apps or Manage add-ons page. You can do this by clicking on the settings icon at the top right, then selecting either Manage apps or Add-ons, depending on your Jira version. From the left sidebar, select Manage add-ons or Manage apps.
3. Click on the Upload app link. Then, click Browse and navigate to where the threatcanvas-X.X.X.obr file was downloaded. Select it.
4. Click Upload to install the plugin.
5. A progress bar should be presented. Wait for Jira to finish installing the plugin.
6. Done!

Admin Settings

Jira administrators can configure the app to control its availability based on specific projects, issue types, or labels.

Accessing the Configuration

1. Navigate to Settings (the gear icon on the top right) in the top navigation bar and select Manage apps.
   
   
   
   
   
   
   
   
2. Select Manage apps from the left navigation pane.
   
   
3. Locate the app in the list and click on it to open the details view.
   
   
4. Click Configure to access the settings.
   
   
   
   
   
   
   
   

Configuration Options

The admin settings page provides the following options:

1. Project Filter: Enable this toggle to restrict the app to specific projects.
2. Issue Types & Labels Filter: Enable this toggle to restrict the app based on issue types or labels.
3. Once a filter is enabled, use the corresponding multi-select dropdown to choose the applicable projects, issue types, or labels.
   
   
   
   
   
   
   
   

Saving the Configuration

After selecting the desired filters, click Save to apply the settings.

Note: If a filter toggle remains off, the app will be enabled for all options in that category by default.

Enable ThreatCanvas to Create Tasks in Jira

1. In Jira Data Center, in the top right corner click on “Settings” then select “Applications".
   
   
2. In the left menu, click on "Application Links".
   
   
3. Click on "Create Link".
   
   
4. In "Application Type", select “External Application”, in “Direction” select “Incoming”, then click on “Continue".
   
   
   
   
   
   
5. In “Name” type “ThreatCanvas”, in “Redirect URL” type: "https://www.secureflag.com/user/tc-jira.html”, in “Permission” select “Write”. Note: if you are using ThreatCanvas On-Premise update the domain to your custom domain (e.g. https://mythreatcanvas.company.com/user/tc-jira.html).
   
   
6. Then click on “Save".
   
   
   
   
   
   
7. The page will display the Client ID and Client Secret values, note them down.
   
   
   
   
   
   
8. Login on www.secureflag.com as an Organization Admin, browse to Orgs, select your Organization and click on “Details”. Note for ThreatCanvas On-Premise,
   
9. In the “JIRA Data Center Settings” panel, toggle “Jira Data Center Status” to “Active”, and fill the “Client ID”, “Client Secret” and “JIRA Data Center Domain” information. 
   
   
   
   
   
   

Usage

On an issue describing a feature or change, find SecureFlag ThreatCanvas on the right hand side and expand it. Wait for the Launch button to appear, then just press it to get your threat model!

 

• Related Articles

• SecureFlag ThreatCanvas for Azure

  Threat model your features with AI-powered tooling. The SecureFlag ThreatCanvas plugin helps you integrate security early in your development lifecycle by automatically generating threat model diagrams from your Azure Boards work item descriptions. ...

• Jira Plugins

  SecureFlag Knowledge Base for Jira Plugins Contextual software security training for Jira issues, powered by the SecureFlag knowledge base. This app responds to issues that mention security vulnerabilities, with a recommended lab and information from ...

• SecureFlag GitLab Integration

  Contextual software security microtraining for GitLab's vulnerability reports, powered by the SecureFlag Knowledge Base. With our GitLab integration you can receive links to SecureFlag training related to the vulnerability identified in a ...

• SecureFlag Analyzer Extension for VS Code

  AI-powered vulnerability detection, right in your IDE. Overview The SecureFlag Analyzer extension integrates into VS Code to deliver real-time security analysis as you code. Powered by advanced LLMs (Anthropic and ChatGPT), it detects potential ...

• Live Notifications for Slack

  Stay connected, informed, and engaged, right in Slack. The SecureFlag Slack Integration brings personalized, real-time updates from the SecureFlag platform directly into your Slack workspace. Whether you're celebrating achievements, staying on top of ...