Configuration

Nullify will create a new issue in Jira for each vulnerability it finds above the specified threshold. You will need to set your Jira Project Key and Issue Type in the .nullify.yml file.

The Project Key (project_key) is the key of the project in Jira. This is the same as the project key in the URL when you are in the project.

The Issue Type (issue_type) is the type of the issue that will be created by Nullify. The default value is "Task". You can find the possible issue types in the project settings -> Issues -> Types. (The URL should be of the form https://your-team.atlassian.net/plugins/servlet/project-config/YOUR-PROJECT-KEY/issuetypes)

You may choose to create a separate issue type for Nullify's findings. This is useful if you want to keep track of tickets opened by Nullify.

The following is a sample minimal .nullify.yml file for Jira integration.

integrations:
  jira:
    project_key: SCRUM
    issue_type: Task

Optional Configuration

Severity Threshold

By default, Nullify creates Jira tickets using the same severity threshold that applies to the dashboard. However, you can also set a severity threshold specific to the Jira integration.

For example, you might want to include on the issues dashboard all vulnerabilities of severity MEDIUM or higher, but only create a ticket in Jira for vulnerabilities that are CRITICAL.

Example:

severity_threshold: MEDIUM
integrations:
  jira:
    project_key: SCRUM
    issue_type: Task
    severity_threshold: CRITICAL

On Fix

By default, Nullify will close the ticket in Jira when the vulnerability is fixed by transitioning it to the "Done" status. To use a different status, set the on_fix_transition field to the status you want. The value is case-insensitive. The transition status must already exist in the project.

Example:

integrations:
  jira:
    project_key: SCRUM
    issue_type: Task
    on_fix_transition: To Be Reviewed

Disable

You can set disabled to true if you wish to disable Jira ticket creation.

The typical use case is that Jira integration is set up in your global configuration file but you want to disable it for a specific repository, for example because that repository is an internal tool or script not used in production.

integrations:
  jira:
    disabled: true
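
The sketch below is an added example, not Nullify's own code: it resolves the effective Jira settings from a .nullify.yml that has already been parsed into a dict, applying the defaults and the threshold fallback described on this page, so a repository's ticketing behaviour can be reviewed before the file is committed. The function names, the LOW and HIGH severity levels, and the severity ordering are assumptions; the page itself names only MEDIUM and CRITICAL.

```python
# Added example, not Nullify code: resolve the Jira settings described on this
# page from a .nullify.yml that has already been parsed into a dict.

# Assumption: the page names only MEDIUM and CRITICAL. LOW, HIGH and this
# ordering are assumed for illustration.
SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample: the Severity Threshold example above, as a parsed dict.
SAMPLE = {
    "severity_threshold": "MEDIUM",
    "integrations": {"jira": {"project_key": "SCRUM", "issue_type": "Task",
                              "severity_threshold": "CRITICAL"}},
}


def resolve_jira_settings(config):
    """Return (effective_settings, problems) for integrations.jira."""
    jira = (config.get("integrations") or {}).get("jira") or {}
    settings = {
        "disabled": jira.get("disabled") is True,
        "project_key": jira.get("project_key"),
        # Defaults stated on the page: issue type "Task", transition "Done".
        "issue_type": jira.get("issue_type", "Task"),
        "on_fix_transition": jira.get("on_fix_transition", "Done"),
        # The Jira threshold falls back to the top-level threshold.
        "severity_threshold": jira.get("severity_threshold",
                                       config.get("severity_threshold")),
    }
    problems = []
    if not settings["disabled"]:
        if not settings["project_key"]:
            problems.append("integrations.jira.project_key is not set")
        level = settings["severity_threshold"]
        if level is not None and str(level).upper() not in SEVERITY_ORDER:
            problems.append(f"unknown severity_threshold: {level!r}")
    return settings, problems


def meets_jira_threshold(settings, severity):
    """True if a finding of this severity would reach the Jira threshold."""
    if settings["disabled"]:
        return False
    if settings["severity_threshold"] is None:
        raise ValueError("no severity_threshold configured")
    rank = SEVERITY_ORDER.index
    return rank(severity.upper()) >= rank(str(settings["severity_threshold"]).upper())


if __name__ == "__main__":
    resolved, issues = resolve_jira_settings(SAMPLE)
    print(resolved, issues)
    print({s: meets_jira_threshold(resolved, s) for s in SEVERITY_ORDER})
```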
