Set up Jira Software Cloud
Learn how to set up Jira Software Cloud and integrate it with other products and applications.
Manage security vulnerabilities in Jira
View key details about each security vulnerability (sent from your security tool) in the security feature in Jira Software.
The feature shows vulnerability severity, status (like open, closed, and ignored) and identifier. Select the vulnerability title to go to your security tool more details.
Importantly, the security feature lets you triage these vulnerabilities. Once you’ve assessed each vulnerability (based on factors like severity or how complex the fix is), link it to an issue, add the issue to your sprint or backlog, assign it to someone in your team, and track it until it’s resolved.
Link a vulnerability to an issue
You can create a new issue for a vulnerability, or link it to an existing issue. And you can link a vulnerability to more than one issue.
From your project's sidebar, select Security.
In the vulnerabilities section, find the vulnerability you want to link an issue to, then:
To create a new issue, select Create issue.
To link to an issue that already exists, select the more actions icon () and then Link issue.
If the vulnerability already has an issue linked to it, link another one by selecting the more actions icon () and then Create another issue.
Unlink an issue from a vulnerability
If you want to unlink an issue from a vulnerability:
From your project's sidebar, select Security.
Find the vulnerability, and select the unlink issue icon in the Issues column, then select Unlink, or
Select more actions (•••), then Edit linked issue.
Confirm which issues are currently linked to the vulnerability.
To unlink an issue, select ( x ) next to the issue, then Save.
Unlinking an issue simultaneously removes it from the Issues column in the vulnerabilities table.
Search, filter and sort vulnerabilities
Use the search bar and filters in the vulnerabilities section to customise the list of vulnerabilities to just those you’re interested in.
Ignored and closed vulnerabilities are not shown in the vulnerabilities section by default, but you can choose to view them by using the vuln. status filter.
Select the title of a column in the table to sort all vulnerabilities by that attribute.
For example, you might sort your vulnerabilities by severity and use the issue status filter to hide any that already have issues attached. Now you have a prioritised list of vulnerabilities to assess, create issues for, and assign to your team to resolve.
Was this helpful?