You must map the fields between Crowdcontrol and Jira so that when a submission is pushed from Crowdcontrol, the submission information is properly updated in Jira. By default, the Title and Details fields in Crowdcontrol submission are mapped to Summary and Description fields in the Jira ticket, respectively.
Jira Markdown support: When Markdown fields from Crowdcontrol are pushed to Jira, they will convert to the respective markdown flavors to render appropriately.
You can map the following submission details to Jira:
- Current submission state (example, Unresolved, Resolved)
- Priority
- Reward Amount
- Reference Number
- Description
- HTTP Request
- Chosen VRT Category
- Bug URL
- List of comments
- Submission Url
The following image displays the comments in the Jira ticket.
Crowdcontrol provides the following mapping types that allows mapping Crowdcontrol submission fields to your Jira ticket fields:
- Apply a Bugcrowd submission attribute to a text field in Jira
- Apply a Bugcrowd submission custom field to a text field in Jira
- Apply a static string to a text field in Jira
- Apply one or more text strings to the labels field in Jira
- Apply one or more text strings to a custom label field in Jira
- Select a predefined option from a single select list field in Jira
- Select one or more predefined options from a multiple select list field in Jira
- Select predefined options for a cascading select list field in Jira
A field marked with asterisk indicates it is a mandatory field that is required for creating issue in Jira.
Mapping Jira ticket fields to Crowdcontrol Submission fields
To map the Jira ticket fields to Crowdcontrol, follow these steps:
-
Select a Security Program from the Go to Security Program or Engagement drop-down, select Settings and click Integrations.
-
On the Jira integrations page, click Field mapping on the left side.
-
In Jira field column, select the Jira field that you want to map. Crowdcontrol uses Jira API to fetch all the fields from the specified project.
-
In the Available field column, select the Crowdcontrol field that must be mapped to the Jira field.
The Available Fields column contains the following fields that you can choose:
- Amount
- Bug URL
- Priority
- Reference Number
- Researcher Username
- Substate
- Title
- Id
- CVSS String
- CVSS Score
- VRT Classification
- Description
- Extra Info
- Remediation Advice
- Vulnerability References
- Details
- Submission Url
Crowdcontrol allows administrators to define custom submission fields at the program level. This means that you can add information specific to your organization on a per-submission basis. Custom fields are displayed as [Custom Field] (custom_field_name) in the Available Field drop-down menu.
-
In the Set field column, select any of the following options for configuring how often Crowdcontrol field must synchronize with Jira field:
- On Every Update: Each time a submission field is updated in Crowdcontrol, the updated information is pushed to Jira. The corresponding Jira field is overwritten and displays the changes.
- Once: Crowdcontrol submission field’s data is synchronized with the Jira field when a Jira ticket is created and remains fixed regardless of the updates made within that field in Crowdcontrol.
If automatic Jira ticket creation is enabled, then a Jira ticket is created after the submission transitions to the Unresolved status. If automatic Jira ticket creation is disabled, then you can push the Crowdcontrol submission upstream to Jira manually.
Overwriting Jira Ticket Fields: Any field configured to synchronize On Every Update is overwritten in Jira with the latest data from Crowdcontrol submission. If you update the Jira field, then this updated data is lost during synchronization.
-
Click Add.
The Field mapping created message is displayed and the mapped field is added as a row to the table.
Removing Field Mapping
To remove a field mapping, click Delete for the field that you want to remove.
The Field mapping removed message is displayed and the mapped field is removed from the table.