SecureFlag ThreatCanvas for Jira

SecureFlag ThreatCanvas for Jira

AI-powered threat modelling -- for Jira Cloud and Jira Data Center! 

SecureFlag ThreatCanvas for Jira Cloud and Jira Data Center enables developers to easily generate threat models from issues describing new features or changes to be made. ThreatCanvas does the bulk work for them and lets them focus on the unique threats to the application.

ThreatCanvas for Jira Cloud
ThreatCanvas for Jira Data Center
ThreatCanvas for Jira Cloud

Installation

Access the app via the Atlassian marketplace here .

Click the Get it now button and select the site on which you wish to install the app.

Admin Settings

Jira administrators can configure the app to control its availability by project, issue type, or label, and define a custom ThreatCanvas URL.

Accessing the Configuration

  1. Navigate to the Apps section from the left-hand panel, click the"⋯"  (More actions) icon, and select Manage apps.



  2. In Manage apps, you may see a notification stating that app management has moved to Administration. Click Take me there to continue.



  3. Locate the app in the list, select the "⋯"  icon, and choose Configure to access its settings.

Configuration Options

Plugin Visibility Settings

The admin settings page provides the following options:
  1. Project Filter: Enable this toggle to restrict the app to specific projects.
  2. Issue Types & Labels Filter: Enable this toggle to restrict the app based on issue types or labels.

Once a filter is enabled, use the corresponding multi-select dropdown to choose the applicable projects, issue types, or labels.

Notes
Note: If a filter toggle remains off, the app will be enabled for all options in that category by default.




Custom URL Settings

Admins can configure a custom URL for ThreatCanvas:
  1. Enable Custom URL: Toggle on to allow the use of a custom ThreatCanvas URL.
  2. ThreatCanvas Custom URL: Enter the full URL (including protocol).


Saving the Configuration

After making changes, click Save to apply the settings.

Usage

On an issue describing a feature or change, find SecureFlag ThreatCanvas on the right hand side and expand it. Wait for the Launch button to appear, then just press it to get your threat model!


Additional Issues

Users may optionally include the current issue’s parent or child issues in the ThreatCanvas context:
  1. Under the Include Additional Issues section, expand the dropdown to display related issues.



  2. Select the issues you would like to add to the ThreatCanvas context.



  3. Click Launch to generate your threat model.

ThreatCanvas for Jira Data Center

Installation

Ensure your Jira instance can make requests to www.secureflag.com in case you have a firewall.

Installing directly on the Jira instance:
  1. Log in to your instance of Jira as an admin.
  2. Select the Settings dropdown menu (gear icon at the top right) and choose Manage apps.
  3. Select Find new apps from the left-hand menu.
  4. Once the screen loads, you can type SecureFlag ThreatCanvas in the search bar to find the appropriate app version.
  5. Select Install and follow the prompts to install the app.

Alternatively, you can install the app via Atlassian Marketplace as follows:
  1. Click the Get it now button to download the plugin .obr file.
  2. Within Jira, navigate to the Manage apps or Manage add-ons page. You can do this by clicking on the settings icon at the top right, then selecting either Manage apps or Add-ons, depending on your Jira version. From the left sidebar, select Manage add-ons or Manage apps.
  3. Click on the Upload app link. Then, click Browse and navigate to where the threatcanvas-X.X.X.obr file was downloaded. Select it.
  4. Click Upload to install the plugin.
  5. A progress bar should be presented. Wait for Jira to finish installing the plugin.
  6. Done!

Admin Settings

Jira administrators can configure the app to control its availability by project, issue type, or label, set proxy settings, and define a custom ThreatCanvas URL.

Accessing the Configuration

  1. Navigate to Settings (the gear icon on the top right) in the top navigation bar and select Manage apps.



  2. Select Manage apps from the left navigation pane.

  3. Locate the app in the list and click on it to open the details view.

  4. Click Configure to access the settings.



Configuration Options

Plugin Visibility Settings

The admin settings page provides the following options:
  1. Project Filter: Enable this toggle to restrict the app to specific projects.
  2. Issue Types & Labels Filter: Enable this toggle to restrict the app based on issue types or labels.
  3. Once a filter is enabled, use the corresponding multi-select dropdown to choose the applicable projects, issue types, or labels.

Notes
Note: If a filter toggle remains off, the app will be enabled for all options in that category by default.


Proxy Settings

Admins can configure proxy settings for the app with the following options:
  1. Proxy Enabled: Toggle this option on if your environment requires routing external requests through a proxy server.
  2. Host: Specify the hostname or IP address of the proxy server.
  3. Port: Enter the port number used by the proxy server to handle outgoing connections.


Custom URL Settings

Admins can configure a custom URL for ThreatCanvas:
  1. Enable Custom URL: Toggle on to allow the use of a custom ThreatCanvas URL.
  2. ThreatCanvas Custom URL: Enter the full URL (including protocol).



Saving the Configuration

After making changes, click Save to apply the settings.

Enable ThreatCanvas to Create Tasks in Jira

  1. In Jira Data Center, in the top right corner click on “Settings” then select “Applications".

  2. In the left menu, click on "Application Links".

  3. Click on "Create Link".

  4. In "Application Type", select “External Application”, in “Direction” select “Incoming”, then click on “Continue".


  5. In “Name” type “ThreatCanvas”, in “Redirect URL” type: "https://www.secureflag.com/user/tc-jira.html”, in “Permission” select “Write”. Note: if you are using ThreatCanvas On-Premise update the domain to your custom domain (e.g. https://mythreatcanvas.company.com/user/tc-jira.html).

  6. Then click on “Save".


  7. The page will display the Client ID and Client Secret values, note them down.


  8. Login on www.secureflag.com as an Organization Admin, browse to Orgs, select your Organization and click on “Details”. Note for ThreatCanvas On-Premise,
  9. In the “JIRA Data Center Settings” panel, toggle “Jira Data Center Status” to “Active”, and fill the “Client ID”, “Client Secret” and “JIRA Data Center Domain” information. 



Usage

On an issue describing a feature or change, find SecureFlag ThreatCanvas on the right hand side and expand it. Wait for the Launch button to appear, then just press it to get your threat model!


Additional Issues

Users may optionally include the current issue’s parent or child issues in the ThreatCanvas context:
  1. Under the Include Additional Issues section, expand the dropdown to display related issues.



  2. Select the issues you would like to add to the ThreatCanvas context.


  3. Click Launch to generate your threat model.

 

    • Related Articles

    • SecureFlag ThreatCanvas for Azure

      Threat model your features with AI-powered tooling. The SecureFlag ThreatCanvas plugin helps you integrate security early in your development lifecycle by automatically generating threat model diagrams from your Azure Boards work item descriptions. ...

    • Jira Plugins

      SecureFlag Knowledge Base for Jira Plugins Contextual software security training for Jira issues, powered by the SecureFlag knowledge base. This app responds to issues that mention security vulnerabilities, with a recommended lab and information from ...

    • SecureFlag GitLab Integration

      Contextual software security microtraining for GitLab's vulnerability reports, powered by the SecureFlag Knowledge Base. With our GitLab integration you can receive links to SecureFlag training related to the vulnerability identified in a ...

    • SecureFlag Analyzer Extension for VS Code

      AI-powered vulnerability detection, right in your IDE. Overview The SecureFlag Analyzer extension integrates into VS Code to deliver real-time security analysis as you code. Powered by advanced LLMs (Anthropic and ChatGPT), it detects potential ...

    • Live Notifications for Slack

      Stay connected, informed, and engaged, right in Slack. The SecureFlag Slack Integration brings personalized, real-time updates from the SecureFlag platform directly into your Slack workspace. Whether you're celebrating achievements, staying on top of ...