Jira Ticket Creation

Automatically create Jira tickets when CBOM detects issues that need human action. Every policy violation, expiring certificate, or compromised asset becomes a tracked work item with full context, assigned ownership, and SLA visibility.


The Jira integration bridges the gap between detection and remediation:

  • Auto-creates tickets when policy violations or certificate expirations are detected
  • Includes full context — asset details, violation reason, remediation guidance, and a direct link back to CBOM
  • Assigns ownership based on configurable rules (asset owner, team, project)
  • Tracks SLA — priority and due dates based on severity

integrations:
  jira:
    url: https://company.atlassian.net
    email: cbom-service@company.com
    api_token: "..."
    project_key: SEC
    issue_type: Task
    rules:
      - trigger: policy_violation
        priority: High
        labels: ["cbom", "crypto-compliance"]
        assignee_field: asset_owner
        due_days: 14
      - trigger: cert_expiry_30d
        priority: Medium
        labels: ["cbom", "cert-expiry"]
        assignee_field: asset_owner
        due_days: 25
      - trigger: cert_expiry_7d
        priority: Critical
        labels: ["cbom", "cert-expiry", "urgent"]
        assignee_field: asset_owner
        due_days: 5
      - trigger: compromised_asset
        priority: Critical
        labels: ["cbom", "compromised", "incident"]
        assignee_field: security_lead
        due_days: 1
    deduplication:
      enabled: true
      key_field: cbom_asset_id
      reopen_on_recurrence: true

Each Jira ticket includes:

[CBOM] RSA-2048 key violates NIST-PQC policy — payment-service
## Crypto Asset Details
| Field | Value |
|-------|-------|
| Asset Name | payment-service signing key |
| Asset Type | Private Key |
| Algorithm | RSA-2048 |
| Risk Level | 🔴 CRITICAL |
| Location | /etc/ssl/private/payment-svc.key |
| First Seen | 2025-01-15 |
## Policy Violation
**Policy:** NIST Post-Quantum Cryptography Compliance
**Rule:** All asymmetric keys must use quantum-resistant algorithms
**Violation:** RSA-2048 is vulnerable to quantum attack (Shor's algorithm)
## Remediation
1. Generate a new ML-DSA-65 (Dilithium) signing key
2. Update the payment-service configuration to use the new key
3. Rotate any dependent certificates
4. Mark the old key as `deactivated` in CBOM
## Links
- [View in CBOM](https://cbom.company.com/assets/abc123)
- [Policy Details](https://cbom.company.com/policies/nist-pqc)
- [Migration Guide](https://cbom.company.com/docs/pqc-migration)

| Field | Value |
|-------|-------|
| Labels | cbom, crypto-compliance |
| Priority | High |
| Due Date | 14 days from creation |
| Components | Crypto Security |
| CBOM Asset ID | (custom field for deduplication) |

The integration prevents duplicate tickets:

  • Same asset, same violation → Won’t create a second ticket if one is already open
  • Recurrence → Optionally reopens closed tickets if the same violation reappears
  • Linked tickets → If multiple violations affect the same asset, tickets are linked
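
The deduplication behaviour above, combined with the priority and due_days values from the rules configuration, as an added example that is not CBOM's own code. The `plan_ticket` function, the `Ticket` class and the sample tickets are hypothetical; linking only open tickets and recomputing the due date on reopen are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Priority and due_days per trigger, copied from the rules in the config above.
RULES = {
    "policy_violation":  ("High", 14),
    "cert_expiry_30d":   ("Medium", 25),
    "cert_expiry_7d":    ("Critical", 5),
    "compromised_asset": ("Critical", 1),
}

@dataclass
class Ticket:                 # hypothetical local view of a Jira issue
    key: str
    cbom_asset_id: str        # the deduplication key_field
    trigger: str
    is_open: bool

def plan_ticket(asset_id, trigger, tickets, today, reopen_on_recurrence=True):
    """Decide what to do for one detection: skip, reopen, or create."""
    priority, due_days = RULES[trigger]
    same_asset = [t for t in tickets if t.cbom_asset_id == asset_id]
    matches = [t for t in same_asset if t.trigger == trigger]
    # Same asset, same violation, ticket still open: no second ticket.
    for t in matches:
        if t.is_open:
            return {"action": "skip", "key": t.key}
    # Other violations on the same asset get linked (assumption: open ones only).
    links = [t.key for t in same_asset if t.trigger != trigger and t.is_open]
    plan = {"priority": priority, "due": today + timedelta(days=due_days), "links": links}
    if matches and reopen_on_recurrence:
        # Recurrence: reopen the latest closed ticket (assumes list is oldest-first).
        return {"action": "reopen", "key": matches[-1].key, **plan}
    return {"action": "create", "key": None, **plan}

# Constructed sample state: asset abc123 has one open and one closed ticket.
SAMPLE = [
    Ticket("SEC-101", "abc123", "policy_violation", True),
    Ticket("SEC-90", "abc123", "cert_expiry_30d", False),
    Ticket("SEC-77", "def456", "policy_violation", False),
]

if __name__ == "__main__":
    for trig in ("policy_violation", "cert_expiry_30d", "cert_expiry_7d"):
        print(trig, plan_ticket("abc123", trig, SAMPLE, date(2025, 1, 15)))
```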

Configure how tickets get assigned:

assignment:
  # Assign to the asset owner registered in CBOM
  default: asset_owner
  # Fallback if no owner is set
  fallback: security-team-lead@company.com
  # Override by asset type
  overrides:
    - asset_type: certificate
      assignee: cert-team@company.com
    - asset_type: private-key
      assignee: key-management@company.com

  • Track remediation — Every violation becomes a work item with a deadline and owner
  • Assign ownership — Route tickets to the right team based on asset type or business unit
  • SLA enforcement — Priority and due dates ensure timely response
  • Audit evidence — Jira history proves when issues were detected and how quickly they were resolved
  • Sprint planning — Security work is visible alongside feature work

  • Integrations Overview — All available integrations
  • ServiceNow — Alternative for ServiceNow ITSM environments
  • Slack — Real-time alerts alongside ticket creation
  • Policies — Define rules that trigger ticket creation