Create Jira Issue from Dependabot Alert
Overviewโ
This guide will help you implement a self-service action in Port that allows you to create Jira issues from Dependabot alerts. This functionality streamlines vulnerability management by enabling users to quickly create and track issues for security alerts.
You can implement this action in two ways:
- GitHub workflow: A more flexible approach that allows for complex workflows and custom logic, suitable for teams that want to maintain their automation in Git.
- Synced webhooks: A simpler approach that directly interacts with Jira's API through Port, ideal for quick implementation and minimal setup.
Use casesโ
- Automatically create Jira issues from Dependabot alerts.
- Add detailed metadata to Jira issues from Dependabot alerts.
- Link Dependabot alerts to services in your Port catalog.
Prerequisitesโ
- Complete the onboarding process.
- Access to your Jira organization with permissions to create issues.
- Port's GitHub app needs to be installed.
- Jira API token with permissions to create new issues.
Set up data modelโ
If you haven't installed the Jira integration, you'll need to create blueprints for Jira projects and issues.
However we highly recommend you install the Jira integration to have these automatically set up for you.
Create the Jira Project blueprintโ
-
Go to your Builder page.
-
Click on
+ Blueprint. -
Click on the
{...}button in the top right corner, and choose "Edit JSON". -
Add this JSON schema:
Jira Project Blueprint (Click to expand)
{
"identifier": "jiraProject",
"description": "A Jira project",
"title": "Jira Project",
"icon": "Jira",
"schema": {
"properties": {
"url": {
"title": "Project URL",
"type": "string",
"format": "url",
"description": "URL to the project in Jira"
},
"totalIssues": {
"title": "Total Issues",
"type": "number",
"description": "The total number of issues in the project"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {}
} -
Click "Save" to create the blueprint.
Create the Repository blueprintโ
You should have installed the Port's GitHub app, which automatically creates a Repository blueprint for you. If you haven't installed the app, you can create the Repository blueprint in Port using the schema below:
Repository Blueprint (Click to expand)
{
"identifier": "githubRepository",
"title": "Repository",
"icon": "Github",
"ownership": {
"type": "Direct"
},
"schema": {
"properties": {
"readme": {
"title": "README",
"type": "string",
"format": "markdown"
},
"url": {
"icon": "DefaultProperty",
"title": "Repository URL",
"type": "string",
"format": "url"
},
"defaultBranch": {
"title": "Default branch",
"type": "string"
},
"last_contributor": {
"title": "Last contributor",
"icon": "TwoUsers",
"type": "string",
"format": "user"
},
"last_push": {
"icon": "GitPullRequest",
"title": "Last push",
"description": "Last commit to the main branch",
"type": "string",
"format": "date-time"
},
"require_code_owner_review": {
"title": "Require code owner review",
"type": "boolean",
"icon": "DefaultProperty",
"description": "Requires review from code owners before a pull request can be merged"
},
"require_approval_count": {
"title": "Require approvals",
"type": "number",
"icon": "DefaultProperty",
"description": "The number of approvals required before merging a pull request"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {}
}
Create the Dependabot Alert blueprint
Create the Dependabot Alert blueprint using this schema:
Dependabot Alert Blueprint (Click to expand)
{
"identifier": "githubDependabotAlert",
"title": "Dependabot Alert",
"icon": "Github",
"schema": {
"properties": {
"severity": {
"icon": "DefaultProperty",
"title": "Severity",
"type": "string",
"enum": [
"low",
"medium",
"high",
"critical"
],
"enumColors": {
"low": "green",
"medium": "orange",
"high": "red",
"critical": "red"
}
},
"state": {
"title": "State",
"type": "string",
"enum": [
"auto_dismissed",
"dismissed",
"fixed",
"open"
],
"enumColors": {
"auto_dismissed": "green",
"dismissed": "green",
"fixed": "green",
"open": "red"
},
"icon": "DefaultProperty"
},
"packageName": {
"icon": "DefaultProperty",
"title": "Package Name",
"type": "string"
},
"packageEcosystem": {
"title": "Package Ecosystem",
"type": "string"
},
"manifestPath": {
"title": "Manifest Path",
"type": "string"
},
"scope": {
"title": "Scope",
"type": "string"
},
"ghsaID": {
"title": "GHSA ID",
"type": "string"
},
"cveID": {
"title": "CVE ID",
"type": "string"
},
"url": {
"title": "URL",
"type": "string",
"format": "url"
},
"references": {
"icon": "Vulnerability",
"title": "References",
"type": "array",
"items": {
"type": "string",
"format": "url"
}
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {}
}
To effectively manage your Dependabot alerts, map them to your Repository blueprint in Port. This allows you to categorize and link alerts to the appropriate repositories within your catalog, enhancing visibility and traceability.
Follow this resource mapping guide for detailed steps on how to map Dependabot alerts.
Implementationโ
- Synced webhook
- GitHub workflow
You can create Jira issues from Dependabot alerts by leveraging Port's synced webhooks and secrets to directly interact with the Jira's API. This method simplifies the setup by handling everything within Port.
Add Port secrets
If you have already installed Port's Jira integration, these secrets should already exist in your portal.
To view your existing secrets:
- Click on the
...button in the top right corner of your Port application. - Choose Credentials, then click on the
Secretstab.
To add these secrets to your portal:
-
Click on the
...button in the top right corner of your Port application. -
Click on Credentials.
-
Click on the
Secretstab. -
Click on
+ Secretand add the following secrets:-
JIRA_API_TOKEN- Your Jira API token -
JIRA_USER_EMAIL- The email of the Jira user that owns the API token -
JIRA_AUTH- Base64 encoded string of your Jira credentials. Generate this by running:echo -n "your-email@domain.com:your-api-token" | base64Replace
your-email@domain.comwith your Jira email andyour-api-tokenwith your Jira API token.One time generationThe base64 encoded string only needs to be generated once and will work for all webhook calls until you change your API token.
-
Set up self-service action
Follow these steps to create the self-service action:
-
Head to the self-service page.
-
Click on the
+ New Actionbutton. -
Click on the
{...} Edit JSONbutton. -
Copy and paste the following JSON configuration into the editor.
Create Jira Issue from Dependabot Alert (Webhook) (Click to expand)
{
"identifier": "create_jira_issue_from_dependabot_webhook",
"title": "Create Jira Issue from Dependabot (Webhook)",
"icon": "Jira",
"description": "Creates a Jira issue from dependabot alert using a webhook",
"trigger": {
"type": "self-service",
"operation": "DAY-2",
"userInputs": {
"properties": {
"project": {
"title": "Project Key",
"description": "The Jira project key where the issue will be created",
"icon": "Jira",
"type": "string"
},
"type": {
"title": "Type",
"description": "Issue type",
"icon": "Jira",
"type": "string",
"default": "Task",
"enum": [
"Task",
"Story",
"Bug",
"Epic"
],
"enumColors": {
"Task": "blue",
"Story": "green",
"Bug": "red",
"Epic": "pink"
}
}
},
"required": [
"type",
"project"
]
},
"blueprintIdentifier": "githubDependabotAlert"
},
"invocationMethod": {
"type": "WEBHOOK",
"url": "https://<JIRA_ORGANIZATION_URL>/rest/api/3/issue",
"agent": false,
"synchronized": true,
"method": "POST",
"headers": {
"Authorization": "Basic {{.secrets.JIRA_AUTH}}",
"Content-Type": "application/json"
},
"body": {
"fields": {
"project": {
"key": "{{.inputs.project}}"
},
"summary": "Dependabot Alert: {{.entity.title}}",
"description": {
"version": 1,
"type": "doc",
"content": [
{
"type": "paragraph",
"content": [
{
"type": "text",
"text": "Severity",
"marks": [
{
"type": "strong"
}
]
},
{
"type": "text",
"text": ": {{.entity.properties.severity}}"
}
]
},
{
"type": "paragraph",
"content": [
{
"type": "text",
"text": "State",
"marks": [
{
"type": "strong"
}
]
},
{
"type": "text",
"text": ": {{.entity.properties.state}}"
}
]
},
{
"type": "paragraph",
"content": [
{
"type": "text",
"text": "Package Name",
"marks": [
{
"type": "strong"
}
]
},
{
"type": "text",
"text": ": {{.entity.properties.packageName}}"
}
]
},
{
"type": "paragraph",
"content": [
{
"type": "text",
"text": "Package Ecosystem",
"marks": [
{
"type": "strong"
}
]
},
{
"type": "text",
"text": ": {{.entity.properties.packageEcosystem}}"
}
]
},
{
"type": "paragraph",
"content": [
{
"type": "text",
"text": "Manifest Path",
"marks": [
{
"type": "strong"
}
]
},
{
"type": "text",
"text": ": {{.entity.properties.manifestPath}}"
}
]
},
{
"type": "paragraph",
"content": [
{
"type": "text",
"text": "Scope",
"marks": [
{
"type": "strong"
}
]
},
{
"type": "text",
"text": ": {{.entity.properties.scope}}"
}
]
},
{
"type": "paragraph",
"content": [
{
"type": "text",
"text": "GHSA ID",
"marks": [
{
"type": "strong"
}
]
},
{
"type": "text",
"text": ": {{.entity.properties.ghsaID}}"
}
]
},
{
"type": "paragraph",
"content": [
{
"type": "text",
"text": "CVE ID",
"marks": [
{
"type": "strong"
}
]
},
{
"type": "text",
"text": ": {{.entity.properties.cveID}}"
}
]
},
{
"type": "paragraph",
"content": [
{
"type": "text",
"text": "URL",
"marks": [
{
"type": "strong"
}
]
},
{
"type": "text",
"text": ": "
},
{
"type": "text",
"text": "{{.entity.properties.url}}",
"marks": [
{
"type": "link",
"attrs": {
"href": "{{.entity.properties.url}}"
}
}
]
}
]
}
]
},
"issuetype": {
"name": "{{.inputs.type}}"
},
"labels": ["port-{{.entity.identifier}}"]
}
}
},
"requiredApproval": false
} -
Click
Save.
Now you should see the Create Jira Issue from Dependabot (Webhook) action in the self-service page. ๐
Replace <JIRA_ORGANIZATION_URL> in the webhook URL with your Jira organization URL (e.g., example.atlassian.net).
To implement this use-case using a GitHub workflow, follow these steps:
Add GitHub secrets
In your GitHub repository, go to Settings > Secrets and add the following secrets:
JIRA_API_TOKEN- Jira API token generated by the user.JIRA_BASE_URL- The URL of your Jira organization. For example, https://your-organization.atlassian.net.JIRA_USER_EMAIL- The email of the Jira user that owns the Jira API token.PORT_CLIENT_ID- Your portclient idHow to get the credentials.PORT_CLIENT_SECRET- Your portclient secretHow to get the credentials.
Add GitHub workflow
Create the file .github/workflows/create-jira-issue-from-dependabot.yml in the .github/workflows folder of your repository.
We recommend creating a dedicated repository for the workflows that are used by Port actions.
GitHub Workflow (Click to expand)
name: Create Jira Issue from Dependabot Alert
on:
workflow_dispatch:
inputs:
project:
required: true
type: string
type:
required: true
type: string
port_context:
required: true
type: string
jobs:
create-jira-issue:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Login to Jira
uses: atlassian/gajira-login@v3
env:
JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
- name: Inform starting of Jira issue creation
uses: port-labs/port-github-action@v1
with:
clientId: ${{ secrets.PORT_CLIENT_ID }}
clientSecret: ${{ secrets.PORT_CLIENT_SECRET }}
operation: PATCH_RUN
runId: ${{ fromJson(inputs.port_context).run_id }}
logMessage: "Creating a new Jira issue from Dependabot alert... โด๏ธ"
- name: Create Jira issue
id: create_jira
uses: atlassian/gajira-create@v3
with:
project: ${{ inputs.project }}
issuetype: ${{ inputs.type }}
summary: "Dependabot Alert: ${{ fromJson(inputs.port_context).entity.title }}"
description: |
**Severity**: ${{ fromJson(inputs.port_context).entity.properties.severity }}
**State**: ${{ fromJson(inputs.port_context).entity.properties.state }}
**Package Name**: ${{ fromJson(inputs.port_context).entity.properties.packageName }}
**Package Ecosystem**: ${{ fromJson(inputs.port_context).entity.properties.packageEcosystem }}
**Manifest Path**: ${{ fromJson(inputs.port_context).entity.properties.manifestPath }}
**Scope**: ${{ fromJson(inputs.port_context).entity.properties.scope }}
**GHSA ID**: ${{ fromJson(inputs.port_context).entity.properties.ghsaID }}
**CVE ID**: ${{ fromJson(inputs.port_context).entity.properties.cveID }}
**URL**: ${{ fromJson(inputs.port_context).entity.properties.url }}
fields: |
{
"labels": ["port-${{ fromJson(inputs.port_context).entity.identifier }}"]
}
- name: Inform creation of Jira issue
uses: port-labs/port-github-action@v1
with:
clientId: ${{ secrets.PORT_CLIENT_ID }}
clientSecret: ${{ secrets.PORT_CLIENT_SECRET }}
operation: PATCH_RUN
link: ${{ secrets.JIRA_BASE_URL }}/browse/${{ steps.create_jira.outputs.issue }}
runId: ${{ fromJson(inputs.port_context).run_id }}
logMessage: |
Jira issue created! โ
The issue ID is: ${{ steps.create_jira.outputs.issue }}
Set up self-service action
We will create a self-service action to handle creating Jira issues from Dependabot alerts. To create a self-service action follow these steps:
-
Head to the self-service page.
-
Click on the
+ New Actionbutton. -
Click on the
{...} Edit JSONbutton. -
Copy and paste the following JSON configuration into the editor.
Create Jira Issue from Dependabot Alert (Click to expand)
Modification RequiredMake sure to replace
<GITHUB_ORG>and<GITHUB_REPO>with your GitHub organization and repository names respectively.{
"identifier": "create_jira_issue_from_dependabot",
"title": "Create Jira Issue from Dependabot",
"icon": "Jira",
"description": "Creates a Jira issue from dependabot.",
"trigger": {
"type": "self-service",
"operation": "DAY-2",
"userInputs": {
"properties": {
"project": {
"title": "Project",
"description": "The issue will be created on this project",
"icon": "Jira",
"type": "string",
"blueprint": "jiraProject",
"format": "entity"
},
"type": {
"title": "Type",
"description": "Issue type",
"icon": "Jira",
"type": "string",
"default": "Task",
"enum": [
"Task",
"Story",
"Bug",
"Epic"
],
"enumColors": {
"Task": "blue",
"Story": "green",
"Bug": "red",
"Epic": "pink"
}
}
},
"required": [
"type",
"project"
]
},
"blueprintIdentifier": "githubDependabotAlert"
},
"invocationMethod": {
"type": "GITHUB",
"org": "<GITHUB_ORG>",
"repo": "<GITHUB_REPO>",
"workflow": "create-jira-issue-from-dependabot.yml",
"workflowInputs": {
"type": "{{.inputs.\"type\"}}",
"project": "{{.inputs.\"project\" | if type == \"array\" then map(.identifier) else .identifier end}}",
"port_context": {
"entity": "{{.entity}}",
"run_id": "{{.run.id}}"
}
},
"reportWorkflowStatus": true
},
"requiredApproval": false
} -
Click
Save.
Now you should see the Create Jira Issue from Dependabot action in the self-service page. ๐
Let's test it!โ
-
Head to the self-service page of your portal
-
Choose either the GitHub workflow or webhook implementation:
- For GitHub workflow: Click on
Create Jira Issue from Dependabot - For webhook: Click on
Create Jira Issue from Dependabot (Webhook)
- For GitHub workflow: Click on
-
Select the Dependabot alert you want to create an issue for
-
Select the project where the issue will be created
-
Select the issue type
-
Click on
Execute -
Done! wait for the issue to be created in Jira