Jira Integration
Bi-directional sync between SLASH and Jira Cloud
Connect SLASH to Jira Cloud
Integrate SLASH with Jira Cloud to automatically create Jira issues from vulnerabilities, sync statuses bi-directionally, and keep your security and development teams aligned — all without leaving either platform.
Quick Setup:
- Log in to your SLASH account at slash.securitywall.co
- Navigate to Integrations from the left sidebar
- Click "Connect to Jira" and authorize with your Atlassian account
- Select your project, issue type, and configure field mappings
- Set up status mapping in the Jira Dashboard for two-way sync
What is the Jira Integration?
SLASH integrates with Jira Cloud to bridge the gap between your security team and development workflow. Vulnerabilities discovered during penetration testing are automatically created as Jira issues, complete with severity mapping, detailed descriptions, and reproduction steps. When your developers update the status of an issue in Jira, SLASH automatically reflects that change — and vice versa.
How It Works
The integration uses OAuth 2.0 for secure authentication with Atlassian and registers a webhook on your Jira Cloud instance to receive real-time updates. This enables true bi-directional sync — changes made in either SLASH or Jira are automatically propagated to the other platform.
What SLASH Sends to Jira
- Issue Creation: Vulnerabilities are created as Jira issues with title, description, severity-to-priority mapping, and all relevant details
- Status Updates: When a vulnerability status changes in SLASH, the corresponding Jira issue status is updated automatically
- Comments: Comments added to vulnerabilities in SLASH are synced to the Jira issue (when comment sync is enabled)
What Jira Sends Back to SLASH
- Status Changes: When a developer moves a Jira issue to "Done", "In Progress", etc., the mapped SLASH vulnerability status updates automatically
- Comments: Comments added to Jira issues appear on the corresponding SLASH vulnerability with Jira attribution
- Issue Deletion: If a Jira issue is deleted, SLASH clears the link and marks the vulnerability as unsynced
Capabilities
Two-Way Status Sync
Status changes in Jira automatically update SLASH, and vice versa. Configure custom status mappings to match your workflow.
Comment Sync
Comments added in Jira are synced back to SLASH vulnerabilities, keeping all context in one place.
Bulk Send
Send multiple vulnerabilities to Jira at once. Select up to 50 vulnerabilities and send them in a single batch.
Auto-Retry Queue
Failed sends are automatically queued and retried with exponential backoff. No vulnerabilities are lost.
Link Existing Issues
Already have Jira issues? Link them to existing SLASH vulnerabilities without creating duplicates.
Jira Dashboard
A dedicated dashboard with sync status, audit logs, queue monitoring, metrics, and recent activity — all in one place.
Step-by-Step Setup
Navigate to Integrations
Log in to your SLASH account and click on 'Integrations' in the left sidebar navigation panel.
You'll see the Integrations page with available integration options including Slack, Jira, and ClickUp.
Connect to Jira
Click the 'Connect to Jira' button on the Jira integration card.
This will initiate the OAuth 2.0 flow to securely connect your Atlassian account with SLASH. You'll be redirected to Atlassian's authorization page.
Authorize SLASH
On Atlassian's authorization page, review the permissions and click 'Accept' to authorize the SLASH app.
SLASH requires permissions to read and write issues, manage webhooks, and access project information. Your credentials are never stored — SLASH uses OAuth tokens with automatic refresh.
Configure Jira Settings
After authorization, go to the Jira configuration page. Select your Jira project and issue type for vulnerability mapping.
Choose the default project where vulnerabilities will be created as issues, and select the issue type (e.g., Bug, Task, Story). You can also configure field mappings and severity-to-priority mapping.
Set Up Status Mapping
Open the Jira Dashboard and navigate to the Status Mapping tab. Map your Jira statuses to SLASH vulnerability statuses.
This enables bi-directional status sync. For example, map Jira's 'Done' to SLASH's 'Resolved', and Jira's 'In Progress' to SLASH's 'Triaged'. Changes in either platform will automatically sync to the other.
Connect Pentests
Enable Jira for specific pentests by toggling them on in the Jira Dashboard's Connected Pentests section.
Each pentest can be individually connected to Jira. You can also enable Auto-Sync per pentest to automatically send new vulnerabilities to Jira as they are discovered.
Jira Dashboard
Your Command Center for Jira Sync
The Jira Dashboard gives you full visibility into the sync between SLASH and Jira. Access it from Integrations → Jira → Dashboard.
See sync statistics at a glance — how many vulnerabilities are synced, pending, or failed. Quick actions to bulk send or retry failed items.
Configure bi-directional status mappings between SLASH and Jira. Map each Jira status to a SLASH status and vice versa.
Manage which pentests are connected to Jira. Toggle auto-sync per pentest and view sync status for each.
Monitor the retry queue. See pending, processing, and failed jobs. Retry or dismiss failed items.
Full history of all Jira sync activity with 90-day retention. Filter by action type, status, and date range. Clickable Jira issue keys link directly to your Jira instance.
Configuration Options
Status Mapping
Map Jira statuses to SLASH vulnerability statuses for automatic two-way sync:
SLASH → Jira (outbound)
- New → To Do
- Triaged → In Progress
- Resolved → Done
Jira → SLASH (inbound)
- Done → Resolved
- In Progress → Triaged
These are examples. You can configure any mapping that fits your workflow from the Status Mapping tab in the Jira Dashboard.
Field Mapping
SLASH maps vulnerability data to Jira issue fields:
- Summary: Vulnerability title
- Description: Full vulnerability details including steps to reproduce, impact, and remediation
- Priority: Mapped from vulnerability severity (Critical → Highest, High → High, Medium → Medium, Low → Low)
- Labels: Configurable labels automatically applied to created issues
- Assignee: Optionally auto-assign issues to a specific Jira user
Custom fields are also supported. Configure them during the Jira setup in the Configuration page.
Security & Reliability
Security
- OAuth 2.0: Secure authentication with Atlassian. Your Jira credentials are never stored
- Encrypted Tokens: Access and refresh tokens are encrypted at rest using AES-256-GCM
- Webhook Authentication: Inbound webhooks are authenticated with unique cryptographic secrets per client
- CSRF Protection: OAuth state parameters include expiry validation to prevent cross-site request forgery
Reliability
- Auto-Retry Queue: Failed operations are automatically retried with exponential backoff
- Token Refresh: OAuth tokens are automatically refreshed before they expire — no manual re-authentication needed
- Circular Sync Prevention: Built-in 5-second debounce prevents infinite sync loops between platforms
- Audit Trail: Every sync action is logged with 90-day retention for full traceability
Important Notes
Requirements
- Jira Cloud: This integration works with Jira Cloud only. Jira Server and Data Center are not currently supported
- Jira Admin Access: You need permissions to authorize third-party apps in your Atlassian organization
- One Project per Config: Each SLASH configuration maps to one Jira project. Different pentests can use different configurations
Tips
- Set up status mapping before enabling auto-sync to ensure status changes flow correctly from the start
- Use the Link Existing Issue feature for vulnerabilities that were already sent to Jira before the two-way sync was enabled
- Check the Audit Log tab if you're unsure whether a sync happened — every action is logged with timestamps