Question - Internal Control Audits integrated in Jira

Forum - Software
1

Yesterday on a call I was asked if we could “Integrate Jira” , so when a Risk Review, Policy Review, Internal Control Audit Record, etc (anything with a deadline) it could be automatically created in Jira.

I have never used Jira so I know little or next to nothing, but creating a free acount on their platform we managed to do it.

image
image2892×646 157 KB

When an Internal Control Audit is created in eramba:

1- we trigger a dynamic status, i was using the condition below but it can take many forms

image
image2688×664 75 KB

2- create a notification that triggers when that dynamic status is trigged, the notification needs to use REST Webhooks with the following settings:

endpoint:
https://company.atlassian.net//rest/api/3/issue

headers:

Content-Type: application/json
User-Agent: eramba
Authorization: Basic <base64 key>

body:

{
    "fields": {
        "project": {
            "key": "<project key>"
        },
        "issuetype": {
            "id": "<issue type>"
        },
        "duedate": "%SECURITYSERVICEAUDIT_PLANNED_DATE%",
        "summary": "Control %INTERNAL_CONTROL_NAME% audit deadline on %SECURITYSERVICEAUDIT_PLANNED_DATE%.",
        "description": {
            "type": "doc",
            "version": 1,
            "content": [
                {
                    "type": "paragraph",
                    "content": [
                        {
                            "type": "text",
                            "text": "description"
                        }
                    ]
                }
            ]
        }
    }
}

The result is that the records get created in Jira including the due-date on the right field.

image
image2944×676 165 KB

You will need the following APIs from Jira to identify the issue type ,project ID, etc:

  • /rest/api/3/issue/createmeta
  • /rest/api/3/issuetype

I hope this helps for inspiration!

2 Likes
2

I have been testing this and works reasonably well.
I have created a status to trigger when a new security incident is created and then configured a webhook notification to create a new Jira Cloud ticket as below. This works fine with one line of text in the description field, but if you add a second line the ticket isn’t created… any ideas and assuming it’s the way Jira formats the macro?

{
    "fields": {
        "project": {
            "key": "XXX"
        },
        "issuetype": {
            "id": "XXXXX"
        },
        "summary": "Test Security Incident %SECURITYINCIDENT_TITLE% Created.",
        "description": {
            "type": "doc",
            "version": 1,
            "content": [
                {
                    "type": "paragraph",
                    "content": [
                        {
                            "type": "text",
                            "text": "%SECURITYINCIDENT_DESCRIPTION%"
                        }
                    ]
                }
            ]
        }
    }
}
3

i’m not a Jira pro, but i noticed that Jira has “Format Types” for any type of field, if you see the “Description” field is not just a string but an array with other options. It took me a while to figure out how to structure the json until Jira was happy with it.

I’m pretty sure one needs to be very well versed on those types, I would test creating API calls from your computer or Postman or something until you get it working as you want and only then try with eramba.

my 2p.