luke

Bug fixes just got a little easier; HackerOne introduces bi-directional JIRA integration

It’s now possible to view updates on JIRA issues right inside your HackerOne Reports. The two-way integration means that whenever a JIRA issue changes state, an internal comment is posted on the appropriate HackerOne Report. No more going back and forth between JIRA and HackerOne!

HackerOne loves JIRA

Why bi-directional integration is so powerful

When you receive a valid vulnerability report, you will want to fix the bug as soon as possible. Getting the bug into the work queue of the engineering team is critical. The easier and faster it happens, the more secure your company will be.

For this need, we have developed an advanced integration between HackerOne and the world’s leading issue tracker JIRA. With our new bi-directional integration, valid bug reports become task assignments in JIRA with a single click, and fixed bugs come back as resolved automatically. It’s like magic. API handoff magic.

This feature improves the collaboration between Security Team and Engineering Team by automating a key function between those teams. We know many CISOs and VPs of Engineering alike have requested this. Now it’s here and it is a significant step in making sure that vulnerability coordination and bug bounty programs become part of the secure software development lifecycle.

We’ve been beta testing this feature for a few weeks with some lucky customers and are now ready to share it with everyone! 

How it works

Let's illustrate this with a real world example:

A HackerOne Report gets triaged and is escalated to JIRA:

Escalated triage screenshot

Hackbot springs into action and the status change is automatically captured, posting an internal comment on the associated HackerOne Report:

Hackbot jira hackerone product screenshot

This helps your development and security teams stay aligned, and contributes to a better workflow to process security vulnerabilities.

Here’s a bulleted list of the events we currently support full integration syncing:

  • Status changes - Know when your team has started working on a JIRA ticket you created. Are you using custom statuses? We will sync back any status changes that you make to your HackerOne report.

  • Resolution changes - See when the JIRA issue is closed without going to JIRA. Are you using custom resolutions? We will make sure any issue resolution make it back to your HackerOne report.

  • Priority changes - Did the team change the priority of the ticket? You can now find it out.

  • Assignee changes - Want to find out who’s assigned to the issue? We will update your HackerOne report any time the assignee changes.

  • Comment added - Stay in the loop on what’s being discussed on the JIRA ticket.

Have any suggestion on what else we should add? Please let us know!

It will function perfectly behind your Firewall

This is that moment in the Steve Jobs presentation where he says “And one more thing” and then goes off and reveals that the iPod is also a phone now. Mind blown. So in honor of Steve, we saved the best for last.

We integrate with both JIRA Cloud and JIRA Server. Including the escalation into JIRA as well as syncing JIRA changes back into HackerOne. This means, you don't have to whitelist HackerOne as incoming traffic.

Nice, right?!

So what’s next

Two-way communication with JIRA is just the beginning. We are actively working on improving our HackerOne JIRA integration and we’ve got some sweet features in the queue. A few capabilities we’re lining up for release include:

  • Updates from HackerOne activity into JIRA

  • Selective event tracking for both HackerOne and JIRA activity

  • One click escalation from HackerOne into JIRA

  • Improved integration setup

How to get started using the bi-directional JIRA integration

If you’re already leveraging our API and enjoy the awesome benefits of being a Professional Edition customer or above, then the feature is ready to go for you! And let us know if you’d like us to support posting more JIRA events into HackerOne Reports!

HackerOne is trusted by over 750 customers including The U.S. Department of Defense, General Motors, Uber, GitHub, Qualcomm and Starbucks. Our community of 100,000 hackers from countries across the globe includes the best and brightest hackers to which we've paid out over $15,000,000 in bounties for their security work.

This awesome feature is brought to you by Siebe Jan, Philip, Maarten, Martijn, Jens and the HackerOne team.

Ps -Drooling over the API and bi-directional API features? Talk to us to sign up for Pro, Enterprise, or even a Fully Managed offering today.

 


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.

The 8th Annual Hacker-Powered Security Report

HPSR blog ad image