Expose vulnerabilities fields to Jira integration API

Brian Williamsrequested to merge
bwill/expose-jira-integration-vulnerability-fields into master

What does this MR do and why?

Expose vulnerabilities fields to Jira integration API

References

Screenshots or screen recordings

curl -X PUT http://gdk.local:3000/api/v4/projects/38/integrations/jira \
  -H "Private-Token: ${GITLAB_TOKEN}" \
  -d 'url=https://bwill-test.atlassian.net/' \
  -d 'username=bwilliams@gitlab.com' \
  -d "password=${JIRA_TOKEN}" \
  -d 'vulnerabilities_enabled=true' \
  -d 'vulnerabilities_issuetype=10001' | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1185  100   855  100   330    166     64  0:00:05  0:00:05 --:--:--   257
{
  "id": 6,
  "title": "Jira issues",
  "slug": "jira",
  "created_at": "2025-04-25T15:49:48.682Z",
  "updated_at": "2025-04-25T15:49:48.682Z",
  "active": true,
  "commit_events": true,
  "push_events": true,
  "issues_events": true,
  "incident_events": false,
  "alert_events": true,
  "confidential_issues_events": true,
  "merge_requests_events": true,
  "tag_push_events": true,
  "deployment_events": false,
  "note_events": true,
  "confidential_note_events": true,
  "pipeline_events": true,
  "wiki_page_events": true,
  "job_events": true,
  "comment_on_event_enabled": true,
  "inherited": false,
  "vulnerability_events": false,
  "properties": {
    "url": "https://bwill-test.atlassian.net",
    "api_url": "",
    "jira_auth_type": 0,
    "username": "bwilliams@gitlab.com",
    "jira_issue_regex": "",
    "jira_issue_prefix": "",
    "jira_issue_transition_id": "",
    "issues_enabled": false,
    "project_keys": [],
    "vulnerabilities_enabled": true,
    "vulnerabilities_issuetype": "10001"
  }
}

How to set up and validate locally

Prepare your Jira instance

  1. Sign up for a free account on atlassian.net
  2. Create a Jira project
  3. In the top-right corner go to ⚙️ -> Atlassian Account Settings -> Security -> Create and manage API tokens and create an API token

Validate that UI works as expected

  1. In a GitLab project, go to Settings -> Integrations and add a Jira Issues integration.
  2. Enter your Jira project URL
  3. Use basic auth and enter your email and API key
  4. Check Create Jira issues for vulnerabilities
  5. Enter your project key and select an issue type
  6. Submit

Validate that API works as expected

If you tested the UI, disable jira issues for vulnerabilities

  1. Create a GitLab PAT
  2. Run the curl command below:
curl -X PUT <gdk_url>/api/v4/projects/38/integrations/jira \
  -H "Private-Token: ${GITLAB_TOKEN}" \
  -d 'url=https://<project>.atlassian.net/' \
  -d 'username=<username>' \
  -d "password=${JIRA_TOKEN}" \
  -d 'vulnerabilities_enabled=true' \
  -d 'vulnerabilities_issuetype=10001'

Observe that vulnerabilities_enabled and vulnerabilities_issuetype are set.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Brian Williams

Merge request reports