Jira Issues
Overview
The Jira Issues page shows all Jira tickets that have been created from security findings, whether automatically during sync or manually by an analyst. This page gives you a centralized view of which vulnerabilities have been formally escalated into your team's issue tracking workflow, along with their current priority, status, and assignment.
Issue Table
The issue table displays all Jira tickets linked to security findings with the following columns:
- Jira Key — The Jira issue key (e.g., SEC-1234). This is a clickable link that opens the issue directly in your Jira instance.
- Summary — The title of the Jira issue, typically derived from the finding title.
- Priority — A color-coded priority indicator: Critical (red), High (orange), Medium (yellow), or Low (blue).
- Status — The current workflow status of the issue as reported by Jira (e.g., To Do, In Progress, Done).
- Assignee — The team member assigned to resolve the issue.
- Created Date — When the Jira issue was created.
- Updated Date — When the Jira issue was last updated.
The table displays 20 issues per page with pagination controls at the bottom.
How Issues Are Created
Jira issues can be created through two paths:
Automatic Escalation
During each sync, findings that match the configured severity filter and do not already have a linked Jira issue are automatically escalated. The platform creates a Jira ticket with an SLA-based due date calculated from the finding's severity. This ensures that high-risk vulnerabilities are tracked in Jira without requiring manual intervention.
Manual Reporting
From the Findings page, analysts can click the Report to Jira button on any finding's detail panel to manually create a Jira issue. This is useful for escalating findings that fall below the automatic severity threshold but still warrant tracking, or for creating tickets with additional context added by the analyst.
Priority Mapping
Finding severity levels are mapped to Jira priorities and SLA due dates as follows:
| Finding Severity | Jira Priority | SLA Due Date |
|---|---|---|
| Critical | Highest | 30 days |
| High | High | 60 days |
| Medium | Medium | 90 days |
| Low | Low | 180 days |
These default SLA values are configurable. See the Configuration guide to learn how to adjust priority mappings and SLA windows to match your organization's policies.
Issue Content
Each Jira issue created by the platform includes the following information to give the assignee full context for remediation:
- Vulnerability Summary — A concise description of the security finding.
- Severity — The severity level of the finding (critical, high, medium, or low).
- Affected Repository — The repository or asset where the vulnerability was detected.
- Affected Component — The specific package, library, or resource affected.
- CVE — The CVE identifier, if applicable, for cross-referencing with public vulnerability databases.
- Remediation Guidance — Step-by-step instructions or recommendations for fixing the vulnerability.
- Source Tool Link — A direct link to the finding in the source tool (Snyk, Cycode, Wiz, or Tenable) for additional details and context.
- SLA Due Date — The date by which the issue should be resolved, based on the priority mapping above.
This structured content ensures that developers and security engineers have everything they need to understand, prioritize, and resolve the vulnerability without switching between multiple tools.