Jira automation to close issue when vulnerability is closed?

Mike Tocci
Contributor
July 7, 2023

We have integrated Snyk into the new Jira Security feature. Now Snyk alerts flow in, and we have an automation to create an issue when a vulnerability is found. So far so good.

Now we see that vulnerabilities are being closed automatically by Snyk as we remediate issues, and this closed status is being detected by the Jira issue in the Security field on the right side (see screenshot).

My question: is there a way to access this new Security field so that I can automatically close this issue?

 

2023-07-07_09-35-42.png

7 answers

1 accepted

1 vote
Answer accepted
Bill Sheboy
Rising Star
July 7, 2023

Hi @Mike Tocci 

I suspect the answer depends on how that new field/information from the marketplace addon is populated.  And in my experience, a field dynamically updated from the addon may not be directly accessible by rules until it changes...and even then, it must be captured in a created variable to use it.

First thing, to learn if it has a custom field provided to rules please use the how-to article linked below.  Essentially you would identify an issue with the field, and then call the REST API with a browser, and then search for your field.  If you see the field, it may be supported.  https://support.atlassian.com/cloud-automation/docs/find-the-smart-value-for-a-field/

Next, check the marketplace vendor's documentation on how to use their product with automation rules.  It may be possible to use a webhook triggered rule to detect the field change and then make your issue transition.

Kind regards,
Bill

Mike Tocci
Contributor
July 12, 2023

Hey @Bill Sheboy I did use the API to get the full JSON structure of an issue, and I see that the security field does not exist. So it looks like we do not have access to this data. Hope they roll out more automations for the security feature 🤞

Bill Sheboy
Rising Star
July 12, 2023

A possible work-around might be...dynamic fields (without a custom field) can sometimes be saved in a created variable (or other field) and then used in the rule.  So try this, triggering the rule from an issue which has that field:

  • trigger: manual
  • action: create variable
    • name: varSecurity
    • value: {{issue.Security}}
  • action: write the variable to the audit log, {{varSecurity}}

If you see a value in the log, you could try another trigger to start the rule and then use it for your scenario.  If you do not see the value, it is not available.

Mike Tocci
Contributor
July 13, 2023

Hey @Bill Sheboy I would try that, but the JSON structure of the ticket shows that there is nothing like issue.security to create a trigger on. I think this is totally outside the ticket data. Thanks!

Bill Sheboy
Rising Star
July 13, 2023

I do not believe the dynamically generated fields show in the issue search JSON (from the REST API), even though they may be accessible to the issue.  Perhaps try a quick test and just write it to the audit log to learn if that is the case.

Mike Tocci
Contributor
July 14, 2023

Thanks @Bill Sheboy I tried your workaround and it didn't work. So we'll look for additional automations as they roll out from Atlassian.

1 vote
Tim Costa August 23, 2024

You can now, finally. They don't document it well, but this is what I do:

Set up an automation to run every 12 hours (or whatever you see fit) to look for the JQL below.

statusCategory != Done AND vulnerability[status] = CLOSED ORDER BY due ASC, created DESC

The key is vulnerability[status] = CLOSED


Once it finds those issues create a Branch for each issue then transition the issue to whatever "Done" status you choose. 


This just started working for us a few months ago. 

Good luck.
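
The scheduled rule described in this answer, sketched as a script against the Jira Cloud REST API (an added example, not code from the post or from Atlassian). It assumes the REST search endpoint accepts the same vulnerability[status] clause as the automation rule; the names close_remediated, http_json and done_name are hypothetical.

```python
import json
import urllib.request

# JQL quoted from the post above.
JQL = ("statusCategory != Done AND vulnerability[status] = CLOSED "
       "ORDER BY due ASC, created DESC")
SEARCH_PATH = "/rest/api/3/search/jql"  # Jira Cloud JQL search endpoint


def http_json(base_url, auth_header):
    """Build call(method, path, body) for a real site (hypothetical helper)."""
    def call(method, path, body=None):
        req = urllib.request.Request(
            base_url.rstrip("/") + path, method=method,
            data=None if body is None else json.dumps(body).encode(),
            headers={"Authorization": auth_header,
                     "Accept": "application/json",
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else {}
    return call


def close_remediated(call, done_name="Done", dry_run=True):
    """Transition issues matched by JQL; return (closed, skipped) keys."""
    closed, skipped = [], []
    # One page per run: the next scheduled run picks up any remainder.
    found = call("POST", SEARCH_PATH,
                 {"jql": JQL, "fields": ["status"], "maxResults": 50})
    for issue in found.get("issues", []):
        key = issue["key"]
        avail = call("GET", f"/rest/api/3/issue/{key}/transitions")
        # Only accept a transition that lands on the chosen Done-category status.
        match = [t for t in avail.get("transitions", [])
                 if t["to"]["name"] == done_name
                 and t["to"]["statusCategory"]["key"] == "done"]
        if not match:
            skipped.append(key)  # no workflow path from here: leave for a human
            continue
        if not dry_run:
            call("POST", f"/rest/api/3/issue/{key}/transitions",
                 {"transition": {"id": match[0]["id"]}})
        closed.append(key)
    return closed, skipped
```

With dry_run=True the function only reports which issues it would close, which is a safe way to check the JQL match before letting it transition anything.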


0 votes
Ryan Pettaway
I'm New Here
August 23, 2024

Hey @Mike Tocci 

 

Sorry, this isn't an answer, more of a question: is your Security field custom or part of an addon? I'm curious how you're getting this mapped and changed dynamically. I'm sure many of us would love to have this exact sort of feature to automatically close vulnerability-related issues when the vulnerability itself has been closed from its source.

0 votes
Jose Lomeli April 11, 2024

Hi @Mike Tocci , this was released recently:

JQL vulnerability search | Jira Software Cloud | Atlassian Support

You can create an automation rule using this to automatically close tickets :)

0 votes
Tim Costa February 21, 2024

@Mike Tocci 
I know this may be late, and maybe you already figured this out. 

You can set up an automation using smart values to run nightly and find any vulnerabilities that are currently "closed" per Snyk and then close the associated issue.

If you want more info let me know!

Jose Lomeli February 21, 2024

Hi @Tim Costa, can you explain this in more detail? As far as I know, there is no way to get the vulnerability status linked to a ticket.

Tim Costa August 23, 2024

I can't believe I didn't explain this, I am so sorry. 

They don't document it well but this is what I do: 

Set up an automation to run every 12 hours (or whatever you see fit) to look for the JQL below.

statusCategory != Done AND vulnerability[status] = CLOSED ORDER BY due ASC, created DESC

The key is vulnerability[status] = CLOSED


Once it finds those issues create a Branch for each issue then transition the issue to whatever "Done" status you choose. 


This just started working for us a few months ago. 

Good luck.

0 votes
Jose Lomeli November 21, 2023

For everyone interested in this topic, vote in the following ticket: https://jira.atlassian.com/browse/JRACLOUD-82039, it's one of the solutions that would make possible auto-closing issues and other useful tasks!

0 votes
Evgenii
Community Champion
July 7, 2023

Hi, @Mike Tocci 

Haven't worked with Snyk, but I suppose that if you can search by JQL for such issues with closed vulnerabilities, you can make a rule that will run on a schedule. It will look for issues that are not closed but have closed vulnerabilities, and close them.

박 범수
I'm New Here
November 1, 2023

It seems impossible to scan for vulnerabilities through JQL. 

https://jira.atlassian.com/browse/JRACLOUD-82039

Deployment type: Cloud
Product plan: Standard