Integrate GitHub Advanced Security with Jira

The security feature in Jira allows you to view, triage, and track security vulnerabilities from GitHub Advanced Security. To get this feature working, you’ll need to:

1. Install the GitHub for Jira app.

2. Connect a GitHub organization.

3. Add GitHub Advanced Security to your Jira project.

4. Connect security containers to your project.

Before you begin

For some organizations, the task of integrating GitHub Advanced Security might involve multiple team members:

• A Jira site admin will install the GitHub for Jira app.

• A GitHub organization owner will connect a GitHub organization to your Jira site.

• A Jira project admin will add GitHub Advanced Security to a project and connect security containers.

Install the GitHub for Jira app

1. In Jira, select Apps, then select Explore more apps.

2. Search for GitHub for Jira, then select it from the results.

3. Select Get app, then Get it now.

Connect a GitHub organization

1. After the app is installed, select Get started. If the app is already installed on your Jira site, you can find this section by selecting Apps, then Manage your apps, and then GitHub for Jira.

2. Select Continue.

3. Select GitHub Cloud, then Next.

4. Enter your GitHub username and password, then Sign in.

5. Find the organization you want to connect to Jira, then select Connect.

Add GitHub Advanced Security to your Jira project

To track security vulnerabilities from GitHub in your Jira project, you’ll need to add GitHub Advanced Security to your project. If you want to track vulnerabilities in more than one Jira project, add GitHub Advanced Security to each one.

1. Next to your project's name in the sidebar, select More actions (•••), then Project settings.

2. Select Toolchain.

3. Select the Add button, then Add tool.

4. Find GitHub Advanced Security, then select Add to project.

Connect security containers to your project

Before you can view vulnerabilities in the security feature, you must add at least one security container to your project.

1. Next to your project's name in the sidebar, select More actions (•••), then Project settings.

2. select Work items > Security.

3. Select Edit security containers.

4. Select the add connection button (+) for GitHub Advanced Security.

5. Choose a container from the list, then select Add.

The security feature will now show the most recent vulnerabilities from your connected security containers in GitHub. Here’s how to link security vulnerabilities to Jira issues so you can triage and track them with your team.

Fix out-of-sync GitHub vulnerabilities in Jira

Occasionally, security vulnerabilities may be withdrawn in GitHub Advanced Security without being updated in Jira. If you notice a number of these withdrawn vulnerabilities still appearing in Jira, you can disconnect and reconnect the affected organization to make sure you’re seeing the latest data.

To disconnect the organization:

1. In Jira, select Apps, then Manage your apps.

2. Select GitHub for Jira, then Get started.

3. Find the organization you’re having trouble with, select the more actions icon (…), then select Disconnect.

4. Select Disconnect again to confirm.

Then, to reconnect the organization:

1. Select Connect a GitHub organization, then Connect GitHub Cloud.

2. Select Continue.

3. Select GitHub Cloud, then Next.

4. Enter your GitHub username and password, then Sign in.

5. Find the organization you want to connect to Jira, then select Connect.

6. When connection is complete, select Exit set up.

The organization has now been reconnected to Jira. Wait for the backfill process to complete, and all your GitHub security data will be up to date in Jira.