Jira automation to close issue when vulnerability is closed?

Mike Tocci July 7, 2023

We have integrated Snyk into the new Jira Security feature. Now Snyk alerts flow in, and we have an automation to create an issue when a vulnerability is found. So far so good.

Now we see that vulnerabilities are being closed automatically by Snyk as we remediate issues, and this closed status is being detected by the Jira issue in the Security field on the right side (see screenshot).

My question: is there a way to access this new Security field so that I can automatically close this issue?

 

2023-07-07_09-35-42.png

5 answers

1 accepted

1 vote
Answer accepted
Bill Sheboy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 7, 2023

Hi @Mike Tocci 

I suspect the answer depends on how that new field/information from the marketplace addon is populated.  And in my experience, a field dynamically updated from the addon may not be directly accessible by rules until it changes...and even then, it must be captured in a created variable to use it.

First thing, to learn if it has a custom field provided to rules please use the how-to article linked below.  Essentially you would identify an issue with the field, and then call the REST API with a browser, and then search for your field.  If you see the field, it may be supported.  https://support.atlassian.com/cloud-automation/docs/find-the-smart-value-for-a-field/

Next, check the marketplace vendor's documentation on how to use their product with automation rules.  It may be possible to use a webhook triggered rule to detect the field change and then make your issue transition.

Kind regards,
Bill

Mike Tocci July 12, 2023

Hey @Bill Sheboy I did use the api to get the full json structure of an issue, and I see that the security field does not exist. So it looks like we do not have access to this data. Hope they roll out more automations for the security feature 🤞

Bill Sheboy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 12, 2023

A possible work-around might be...dynamic fields (without a custom field) can sometimes be saved in a created variable (or other field) and then used in the rule.  So try this, triggering the rule from an issue which has that field:

  • trigger: manual
  • action: create variable
    • name: varSecurity
    • value: {{issue.Security}}
  • action: write the variable to the audit log, {{varSecurity}}

If you see a value in the log, you could try another trigger to start the rule and then use it for your scenario.  If you do not see the value, it is not available.

Mike Tocci July 13, 2023

Hey @Bill Sheboy I would try that but the json structure of the ticket shows that there is nothing like issue.security to create a trigger on. I think this is totally outside the ticket data. Thanks!

Like Bill Sheboy likes this
Bill Sheboy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 13, 2023

I do not believe the dynamically generated fields show in the issue search JSON (from the REST API), even though they may be accessible to the issue.  Perhaps try a quick test and just write it to the audit log to learn if that is the case.

Mike Tocci July 14, 2023

Thanks @Bill Sheboy I tried your work around and it didn't work. So we'll look for additional automations as they roll out from Atlassian.

Like Bill Sheboy likes this
0 votes
Jose Lomeli April 11, 2024

Hi @Mike Tocci , this was released recently:

JQL vulnerability search | Jira Software Cloud | Atlassian Support

You can create an automation rule using this to automatically close tickets :)

0 votes
Tim Costa
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
February 21, 2024

@Mike Tocci 
I know this may be late, and maybe you already figured this out. 

You can set up an automation using smart values to run nightly and find any vulnerabilities that are currently "closed' per Snyk and then close the associated issue. 

If you want more info let me know!

Jose Lomeli February 21, 2024

Hi @Tim Costa , can you explain this with more detail, as far I know, there is no way to get the vulnerability status linked to a ticket

0 votes
Jose Lomeli November 21, 2023

For everyone interested in this topic, vote in the following ticket: https://jira.atlassian.com/browse/JRACLOUD-82039, it's one of the solutions that would make possible auto-closing issues and other useful tasks!

0 votes
Evgeniy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 7, 2023

Hi, @Mike Tocci 

Haven't worked with Snyk, but I suppose, that if you can search for such issues, with closed vulnerabilities, by JQL, you can make rule, that will run by schedule. It will look for not closed issues with closed vulnerabilities and close them.

박범수
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
November 1, 2023

It seems impossible to scan for vulnerabilities through JQL. 

https://jira.atlassian.com/browse/JRACLOUD-82039

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events