Nexus IQ Notifier for Jira: Tutorial

Sonatype Nexus IQ and Atlassian Jira can communicate through the use of webhooks. You can now more tightly integrate security vulnerability mitigation to your software development lifecycle.

Thought you could escape detected vulnerabilities by never leaving your Kanban board? Think again!

By integrating Sonatype’s Nexus to Jira, a Nexus IQ security policy evaluation will automatically generate a Jira issue in the project of your choosing.

How does it work?

The integration consists of the following stages (we’ll go into more detail below):

  • installing the Jira plugin and connecting it to your Nexus IQ server
  • giving your Nexus IQ policy evaluation a webhook notification action
  • enabling the integration in your Jira project.

Installing the Jira plugin

You can find the Nexus IQ for Jira add-on in the Atlassian marketplace. If you have the necessary permissions to install add-ons, you can go ahead and download it to your Jira server.

null

Here’s what the Nexus IQ add-on looks like in the Jira marketplace

The settings for the add-on live in the applications tab of the administration pages. You’ll find three different settings areas: one for actually configuring the connection to Nexus IQ, and two areas showing what kind of information the plugin has successfully pulled from your Nexus IQ server, namely applications and organizations.

In the Jira configuration area you’ll have all the information you need to create a connection between Nexus IQ and Jira. After this you can move on to configuring the conditions that will trigger a webhook.

Nexus IQ Policy: Webhook notification action

Let’s say I would like to get Jira tickets for violations that happen in the staging and release branches. I will edit my custom policy to only fail builds and send notifications if the code is in the build or release stage. After setting the action parameters I enabled the webhook to those same stages.

null

The configuration screen for policies in Nexus IQ

To the Kanban Board

Let’s go back to Jira. I opened the project that I’d like to enable the webhook issue creation to. I chose ‘bug types’ for these Nexus IQ issues. It’s important to add a label to all tickets. A helpful name like – Nexus-IQ – is great for this purpose.

To ensure maximum visibility and minimum annoyance, we will use swimlanes in our Kanban board to separate the Nexus IQ reports from basic development tickets, while still keeping them visible.

null

The example Kanban board with swim lanes for Nexus IQ issues

And to show you what the final result looks like, here is a ticket created from a demo run:

null

An expanded view of an issue generated by Nexus IQ

I’ve walked you through the general steps needed to enable the integration between Nexus IQ and Jira.

Visit the official documentation page for more detail if need be: https://help.sonatype.com/integrations/nexus-iq-for-jira

Start your DevOps transformation

Adopting DevOps methodology and culture can be a huge challenge for organizations, especially those with a long history of outdated development practises. Our three-step development path have guided hundreds of companies through DevOps transformation.

Request a demo

Efimo-10

Stay up-to-date on Eficode ROOT

  • "We are very lucky to have ROOT as our partner!"

    — Mikael Kuisma, Change and Release Manager, DNA telecom company

  • "The Eficode ROOT Team has been very efficient and quick to resolve any problems that come up. All development has been handled professionally and we now have a very reliable product."

    — Christopher Scicluna, IT Project Manager, Valmet Automotive

  • "Centralized DevOps environment service brings us cost savings and VR doesn’t need to worry about the updates and maintenance of servers and softwares."

    — Markus Niskanen, System Architect, VR National Railways

  • "Our annual savings range from millions to tens of millions, when also accounting for the faster launching of products and the ability to respond more rapidly to changing market conditions."

    — Mikael Kuisma, Change and Release Manager, DNA telecom company