►
From YouTube: GitLab Vulnerability Management / Jira integration
Description
As of GitLab 13.9, you can now create Jira issues directly from vulnerability records in GitLab. See how to enable this new feature and see a quick demo of the integration.
A
A
So
up
into
this
point,
you
could
use
our
gitlab
issues
from
a
finding
in
an
mror
pipeline
or
one
of
the
vulnerability
details
in
one
of
your
default
branches,
and
it
was
a
great
way
to
track
vulnerability.
Work,
progress
in
things
like
using
things
like
our
issue
boards,
but
I
know
a
lot
of
our
customers.
They
also
use
jira
internally,
and
this
was
one
area
where
we
had
a
lot
of
requests
to
include
this
as
part
of
the
integration,
so
that
you
could
create
these
issues
directly
in
your
jira
instance.
A
So
that's
exactly
what
we
did.
So
you
start
by
going
to
your
settings
for
a
project,
so
in
my
oops
go
to
the
integrations
tab
and
we
will
choose
our
jira
integration.
Now,
I'm
not
going
to
go
through
the
setup.
There's
a
lot
of
great
tutorials
on
how
to
get
your
jira
project
integrated
with
your
gitlab
project,
but
as
long
as
you've
got
everything
filled
out,
so
I
already
put
in
my
url
my
credentials
and
token
everything's
all
set
up
now.
What
you'll
notice
is
this
new
enabled
jira
issue
creation
from
vulnerabilities
option?
A
So
what
this
does
when
you
select
it
is,
it
will
actually
you'll
see
the
note
here.
Even
if
gitlab
get
lab
issues
are
enabled,
it
will
override
the
existing
issue.
Tracker
the
gitlab
issue
tracker
if
it's
turned
on
so
before
I
jump
into
this,
I
want
to
show
what
it's
going
to
look
like:
I'm
going
to
open
this
in
a
new
tab,
so
I'll
go
to
my
vulnerability
report
and
I'll
see
here's
a
list
of
open
vulnerabilities
that
I've
got
in
my
test
project.
A
A
This
is
a
gitlab
issue
and
it
will
go
into
the
gitlab
issue
tracker.
So
let
me
pop
back
over
to
the
integration
setting,
so
I
enable
the
box
and
you'll
notice
when
I
do
that.
I
get
this
new
option
to
select
the
juror
issue
type
so
based
on
the
jira
project.
Key
that's
configured
as
part
of
your
jira
just
enabling
the
jira
integration
for
the
project.
A
This
is
going
to
do
a
live
fetch
of
the
configured
issue
types
for
that
project,
so
I
have
these
four
things.
I
actually
have
a
vulnerability
in
this
case.
This
is
a
custom
object.
So
it's
not
one
of
the
out-of-the-box
objects
that
is
configured
and
in
this
case
it
makes
more
sense
for
me
to
track
it.
That
way.
A
A
This
is
a
plot.
This
actually
applies
now
everywhere.
So
if
I'm
looking
at
a
pipeline
security
report
or
in
the
mr,
if
I'm
looking
at
a
new
finding
from
one
of
the
scanners
anywhere,
you
saw
that
create
issue.
Button
will
now
create
a
jira
issue
instead,
so
let's
go
ahead
and
do
that,
so
it's
going
to
open
up
a
new
window
to
my
configured
jira
instance
and
project
and
you'll
notice
that
it
is
a
vulnerability
issue
type.
A
So
this
is
the
jury
issue
type
we've
selected
and
it's
pre-filled
in
the
information
that
was
on
the
vulnerability
detail
itself.
So
the
summary
is
here:
it's
filled
in
the
description
with
this.
This
is
basically
what
we're
using
for
our
link
back
into
git
lab
from
the
jira
side,
and
then
everything
else
is
included
the
same
and
I
can
fill
in
the
required
information.
So
in
this
case
I'll
put
in
my
name,
because
that
is
a
required
field
here
and
we'll
go
ahead
and
create
that.
A
So
now
I
see
my
new
issue
and
I
can
go
and
look
at
it
on
my
issue
board
if
I
choose
to
so
this
is
a
great
way
to
feed
these
from.
Potentially
you
know
your
security
team
who
are
working
in
the
gitlab
vulnerability
side
of
things
and
then
send
these
over
to
the
right
engineering
team
for
remediation
efforts.
A
This
now
shows
up
the
newly
created
issue.
Where
you
know,
if
you
had
to
get
live
issue
tracker,
you
would
see
gitlab
issues
so
now
I
can
easily
get
back
to
exactly
where
it
came
from.
So
we've
kind
of
closed
the
loop
so
to
speak,
and
then
I
here's
that
backlink
that
I
was
talking
about
to
the
issue,
so
this
should
make
it
a
lot
simpler
for
teams
that
are
really
that
are
heavily
using
jira
for
this
integrate
their
current
vulnerability
management
workflows
with
the
jira
system
and
yeah.