HERE'S WHAT
When making the connection to Jira, you can specify a 'label' or "JQL" and Drata application can automatically find the relevant tickets in Jira.
BEFORE DIVING IN
Connect to Jira. For more information, go to Connecting Jira to Drata.
Confirm that the JQL provides the expected list of tickets in Jira first before pasting it into Drata. Drata cannot validate the JQL that you enter.
If your JQL results in an empty list of tickets for Drata to analyze, the associated test (monitored test 26) will pass.
HERE'S HOW
Go to the connections page and search and update the Jira connection.
Use Label for identifying Security Tickets
Make sure that Label is selected in the source section
Within Jira, you are able to mark tickets as 'Security' with three separate options:
1 - Labels
2 - Components
3 - Custom Fields
Adding a label, matching the string used in the connection window (image above), to any ticket will cause the test within Drata to find the security label.
If no label is found, the test will look for a security component across all existing projects. If a component with a matching name is found it will be used to look for tickets marked as security.
If no component is found, the test will look for a custom field with a name matching the string used in the connection window.
If no label, component, or custom field are found with the appropriate name then the test will pass within Drata and report that no failing security tickets can be found.
Within this set of security-labeled tickets, Drata checks that tickets have both an owner assigned and a value set in the native Jira priority field. If either setting is missing, that ticket will fail the test.
Use JQL for identifying Security Tickets
You can use JQL for Drata to identify security related issues in your SDLC tool.
Make sure that JQL is selected in the source section
Enter the JQL that provides a list of all security related tickets for your organization.
Drata cannot validate the JQL that you enter. Please confirm that the JQL provides the expected list of tickets in Jira first before pasting it into Drata.
If your JQL results in an empty list of tickets for Drata to analyze, the associated test (monitored test 26) will pass.
Click on “Update connection”. JQL will now be used to identify security issues in your organization.
You can switch from JQL to label (and vice versa) at any time when you edit your Jira connection. Any changes you make will be implemented within 24 hours the next time Autopilot runs.
NOTE: Making a change will not edit or remove the test evidence from your prior configuration.