Bugcrowd Blog

Product Update: Vulnerability Management Made Easy with the Most Intuitive and Efficient Bi-Directional JIRA Integration

Posted by Travis Andrade on Apr 20, 2017 12:00:00 PM

We are proud to announce the most intuitive and efficient bi-directional JIRA integration for bug bounty programs!

As attack surfaces continue to grow, it has become increasingly important for organizations to adopt more agile SDLCs. To accommodate this dynamic process of quickly generating and deploying high-quality code, organizations have turned to centralized software development tools such as JIRA to track and manage software bugs.

We recognize how important it is for our customers to be able to seamlessly integrate vulnerabilities found within their bug bounty programs directly into their SDLC. Thus, we now provide the most intuitive and efficient bi-directional JIRA integration, delivering automated workflows that streamline the management of all vulnerabilities from validation to remediation.


“JIRA was built with the goal of improving workflows and enabling teams to work better together,” said Dan Grzelak, head of security, Atlassian. “Pairing the power of JIRA with the insight achieved through your bug bounty program offers teams unprecedented visibility and control of the development process, enabling faster, quality product releases in one integrated platform. This release provides a competitive advantage for any team using both JIRA and Crowdcontrol.”

Automated Workflow

Our customers can now leverage our bi-directional JIRA integration to improve the efficiency of their application security workflow from start to finish. Once vulnerabilities have been validated in Crowdcontrol, all Bugcrowd customers can automatically generate JIRA tickets with the simple click of a button. This supports quick and seamless communication with developers regarding the details of any real bugs that need to be fixed.

The automation doesn’t stop there! Crowdcontrol now has the ability to easily track bugs through to remediation. Once a developer has fixed the vulnerability and closed the issue in JIRA, the associated submission in Crowdcontrol will automatically be moved to the “resolved” state.

Why is this important?

When a developer fixes a bug and closes the issue in JIRA, it's important that the associated vulnerability in Crowdcontrol is also closed. If it's not, then any related vulnerabilities may be marked as duplicates, resulting in poor quality assurance. For example, say a developer mistakenly applies an improper fix to a bug found in their bug bounty program. If this fix is not properly communicated back into Crowdcontrol, then the submission remains in the “unresolved” state, and during this time all incoming submissions related to this issue will be marked as duplicates. Therefore, we’ve provided automated tracking between the two platforms to quickly communicate fixes and align your application security and development teams.

Intuitive Integration Setup

Connecting JIRA and Crowdcontrol is simple and easy. The entire setup process can be completed within the Crowdcontrol platform. In addition, Crowdcontrol uses an API to pull all existing fields within your JIRA account to deliver a straightforward and intuitive custom field mapping process. This lets our customers easily map their JIRA ticket fields to the Crowdcontrol submission fields, delivering accurate and organized automatic ticket generation in JIRA. To learn more about the JIRA integration setup and field mapping process, visit our Crowdcontrol documentation.

Any thoughts, ideas, or questions? We’d love to hear from you at support@bugcrowd.com or @Bugcrowd. 
