We have many teams working from the same Jira project and Github Advanced Security integrated with our project. Our Github org includes hundreds of repos, each owned by a single team. We'd like to automate ticket creation triggered by "vulnerability found", but we need to be able to either assign the appropriate Team from the automation or add the security container as a component (which implies the Team). Is there some workaround?
Hi! Were you able to achieve this? Right now there is no way to get the repo name or security container name.
Hi there! I did manage a workaround for now...
I'm using the vulnerability trigger along with the vulnerability.url smart var and regex comparison with org-name/repo-name. We happen to have multiple GH orgs integrated and the vuln trigger will execute against any org/repo integrated with your account, regardless of whether they're included in your project as a security container or not.
The If block > Conditions look like this:
  Value: {{vulnerability.url}}
  Condition: contains regular expression
  Regular expression: my-org\/my-repo-x|my-org\/my-repo-y|my-org\/my-repo-z
Then I have a Create new issue step that sets the Team from the More options > Additional fields section, like this:
  {
    "fields": {
      "Team": "36885b3c-1bf0-4f85-a357-c5b858c31de4"
    }
  }
You can find the team id from either the team page url or from a simple query using the team display name, like this. Once you select the display name, it'll replace it with the team id.
  "Team[Team]"=my-team
I also update the Sprint field as part of issue creation to Next Sprint (my-team-board). We triage any vuln enqueued in next sprint weekly. And I'm sending a slack notification to our team channel for Severity = Critical vulns so we can triage those immediately.
Hope that helps!
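The routing logic in the workaround above, written out as a stand-alone example so it can be checked offline before being copied into an automation rule. This is added example code, not part of the original thread or of Jira/GitHub; it generalises the single-team regex in the answer to a table of rules, one per owning team. Assumptions are labelled: the alert URL shape (org/repo/security/kind/number) is what GitHub uses for Dependabot and code scanning alerts, the team ids are placeholders, and the sample alerts are constructed.

```python
import re

# Assumed shape of the URL that the {{vulnerability.url}} smart value carries:
#   https://github.com/<org>/<repo>/security/<dependabot|code-scanning|...>/<number>
VULN_URL_RE = re.compile(
    r"^https://github\.com/(?P<org>[^/]+)/(?P<repo>[^/]+)"
    r"/security/(?P<kind>[^/]+)/(?P<num>\d+)$"
)

# Constructed routing table: anchored regex over "org/repo" -> Jira Team id.
# Team ids are placeholders; the real value comes from the team page URL.
# Anchoring (^ ... $) matters: an unanchored "my-org/my-repo-x" would also
# match "my-org/my-repo-x-legacy" and route that repo to the wrong team.
TEAM_ROUTES = [
    (re.compile(r"^my-org/(my-repo-x|my-repo-y|my-repo-z)$"), "TEAM-ID-PLACEHOLDER-A"),
    (re.compile(r"^my-org/payments-[^/]+$"), "TEAM-ID-PLACEHOLDER-B"),
]

# Constructed sample alerts, as the trigger would hand them to the rule.
SAMPLE_ALERTS = [
    {"url": "https://github.com/my-org/my-repo-x/security/dependabot/12", "severity": "Critical"},
    {"url": "https://github.com/my-org/payments-api/security/code-scanning/3", "severity": "High"},
    {"url": "https://github.com/other-org/tooling/security/dependabot/5", "severity": "Low"},
]


def parse_vuln_url(url):
    """Return (org, repo, kind, number), or None if the URL is not a GitHub alert URL."""
    m = VULN_URL_RE.match(url)
    if not m:
        return None
    return m.group("org"), m.group("repo"), m.group("kind"), int(m.group("num"))


def team_for_url(url):
    """Map an alert URL to the owning team's id, or None if no rule claims the repo."""
    parsed = parse_vuln_url(url)
    if parsed is None:
        return None
    slug = f"{parsed[0]}/{parsed[1]}"
    for pattern, team_id in TEAM_ROUTES:
        if pattern.search(slug):
            return team_id
    return None


def issue_fields(alert):
    """Build the 'Additional fields' JSON for the Create-issue step; None if unrouted."""
    team_id = team_for_url(alert["url"])
    if team_id is None:
        return None
    return {"fields": {"Team": team_id}}


def needs_immediate_triage(alert):
    """Mirror the Severity = Critical branch that sends the Slack notification."""
    return alert.get("severity", "").lower() == "critical"


def route_all(alerts):
    """Summarise routing for a batch of alerts: url -> (team id or None, critical?)."""
    return {a["url"]: (team_for_url(a["url"]), needs_immediate_triage(a)) for a in alerts}


if __name__ == "__main__":
    for url, (team, critical) in route_all(SAMPLE_ALERTS).items():
        print(f"{url} -> team={team} critical={critical}")
```

Alerts that match no rule come back as None; treating that as "unowned repo, needs a rule" is safer than silently assigning them to a default team, since an unrouted critical alert is exactly the case the weekly triage would otherwise miss.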