reload / github-security-jira

Licence: MIT License
Github Action for integrating Security Alerts with JIRA

github-security-jira

GitHub Action for mapping security alerts to Jira tickets.

Setup

You need the following pieces set up to sync alerts with Jira:

  1. Two repo secrets containing a GitHub access token and a Jira API token, respectively.
  2. A workflow file which runs the action on a schedule, continually creating new tickets when necessary.

Repo secrets

The reload/github-security-jira action requires you to create two encrypted secrets in the repo:

  1. A secret called GitHubSecurityToken which should contain a Personal Access Token for the GitHub user under which this action should be executed. The token must include the public_repo scope if checking only public repos, or the repo scope for use on private repos. Also, the user must have access to security alerts in the repo.
  2. A secret called JiraApiToken containing an API Token for the Jira user that should be used to create tickets.

Workflow file setup

The GitHub workflow file should reside in any repo where you want to sync security alerts with Jira.

It has some required and some optional settings, which are passed to the action as environment variables:

  • GH_SECURITY_TOKEN: A reference to the repo secret GitHubSecurityToken (REQUIRED)
  • JIRA_TOKEN: A reference to the repo secret JiraApiToken (REQUIRED)
  • JIRA_HOST: The endpoint for your Jira instance, e.g. https://foo.atlassian.net (REQUIRED)
  • JIRA_USER: The ID of the Jira user associated with the 'JiraApiToken' secret, e.g. '[email protected]' (REQUIRED)
  • JIRA_PROJECT: The project key for the Jira project where issues should be created, e.g. TEST or ABC (REQUIRED)
  • JIRA_ISSUE_TYPE: Type of issue to create, e.g. Security. Defaults to Bug. (Optional)
  • JIRA_WATCHERS: Jira users to add as watchers to tickets. Separate multiple watchers with commas (no spaces).
  • JIRA_ISSUE_LABELS: Jira labels to add to tickets. Separate multiple labels with commas (no spaces).
  • JIRA_RESTRICTED_COMMENT_ROLE: A comment with restricted visibility to this role is posted with info about who was added as watchers to the issue. Defaults to Developers. (Optional)

Here is an example setup which runs this action every 6 hours.

name: GitHub Security Alerts for Jira

on:
  schedule:
    - cron: '0 */6 * * *'

jobs:
  syncSecurityAlerts:
    runs-on: ubuntu-latest
    steps:
      - name: "Sync security alerts to Jira issues"
        uses: reload/[email protected]
        env:
          GH_SECURITY_TOKEN: ${{ secrets.GitHubSecurityToken }}
          JIRA_TOKEN: ${{ secrets.JiraApiToken }}
          JIRA_HOST: https://foo.atlassian.net
          JIRA_USER: [email protected]
          JIRA_PROJECT: ABC
          JIRA_ISSUE_TYPE: Security
          JIRA_WATCHERS: [email protected],[email protected]
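As an added check (not part of the action or its README), the following Python script scans a workflow's env block against the settings listed above: it flags missing REQUIRED settings, a token written as a literal instead of a ${{ secrets.* }} reference, a non-https JIRA_HOST, and settings the action does not document. The flat env parser and the mis-configured sample block are my own assumptions and constructions.

```python
import re

# Settings documented in the reload/github-security-jira README above.
REQUIRED = {"GH_SECURITY_TOKEN", "JIRA_TOKEN", "JIRA_HOST", "JIRA_USER", "JIRA_PROJECT"}
OPTIONAL = {"JIRA_ISSUE_TYPE", "JIRA_WATCHERS", "JIRA_ISSUE_LABELS",
            "JIRA_RESTRICTED_COMMENT_ROLE"}
SECRET_VARS = {"GH_SECURITY_TOKEN", "JIRA_TOKEN"}   # must come from repo secrets
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.\w+\s*\}\}$")


def parse_env_block(workflow_text):
    """Extract the first flat `env:` mapping from workflow YAML text.
    Assumption (mine): the block is a flat mapping, as in the README example,
    so an indentation scan suffices and no YAML library is required."""
    env, indent = {}, None
    for line in workflow_text.splitlines():
        stripped = line.strip()
        if indent is None:                        # still looking for `env:`
            if stripped == "env:":
                indent = len(line) - len(line.lstrip())
            continue
        if not stripped:
            continue
        if len(line) - len(line.lstrip()) <= indent:
            break                                 # left the env block
        key, _, value = stripped.partition(":")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def check_workflow_env(env):
    """Return a list of findings for an env mapping; empty means it passes."""
    keys = set(env)
    findings = [f"missing required setting {k}" for k in sorted(REQUIRED - keys)]
    for key in sorted(SECRET_VARS & keys):
        if not SECRET_REF.match(env[key]):        # literal token committed to git
            findings.append(f"{key} must reference a repo secret, not a literal")
    if "JIRA_HOST" in env and not env["JIRA_HOST"].startswith("https://"):
        findings.append("JIRA_HOST should be an https:// URL")
    findings += [f"unknown setting {k}" for k in sorted(keys - REQUIRED - OPTIONAL)]
    return findings


# Constructed sample of a mis-configured step (not from the original page).
BAD_WORKFLOW = """\
        env:
          GH_SECURITY_TOKEN: CONSTRUCTED_LITERAL_TOKEN
          JIRA_TOKEN: ${{ secrets.JiraApiToken }}
          JIRA_HOST: http://foo.atlassian.net
          JIRA_PROJECT: ABC
          JIRA_ISSUE_TYPE: Security
"""
```

Running check_workflow_env(parse_env_block(text)) over each workflow file before merging catches a committed token or a missing required setting before the scheduled job ever fails.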

Local development

Copy docker-composer.override.example.yml to docker-composer.override.yml and edit according to your settings.

After that, you can execute the Symfony console app like so:

docker-compose run --rm ghsec-jira --verbose --dry-run

Remove the --dry-run option to actually create issues in Jira.