Bitsight Jira Software Integration Setup Guide

Prerequisites

Before installing the application, ensure you have set up your Atlassian account and Bitsight API token.

• Atlassian Account: Visit atlassian.com, sign up, and create your Atlassian site (e.g., youremailname.atlassian.net).
• Bitsight Token: Learn how to generate an API token in the Bitsight portal here.

App Installation

1. Go to the Integrations page in the navigation menu inside the SPM app in Bitsight portal. Search for Jira and click on the Install button. 
2. On the new page opened for the app installation, Click the Get App button.
3. Select the site where you want to install the app from the drop-down list (Note: You must be a site admin or org admin) and click Install.

Post-Installation Steps for Jira Software 

You must add Bitsight-specific custom fields to your Jira Software space before configuring the app.

1. Go to your Jira site and click on Spaces on the left sidebar.
2. Hover over your scrum space, click the three horizontal dots, and select Space settings.
3. From the left sidebar, click Fields, then click Add Fields in the top right corner.
4. Search for and select the following four fields (ensure you click the option with the rectangular box icon):
   • Rolled Up Observation ID
   • Company GUID
   • Risk Vector
   • Evidence Key. Ensure you click the option with the rectangular box icon.
5. Click Add 4 Fields.
6. Next, click on Work types from the left sidebar and select the work type you want to use (e.g., Task) for the Bitsight findings.
7. Drag and drop the four newly added fields from the right sidebar to the Context fields section. If you intend to use the Priority field, drag that over as well as in a Scrum space this is not added by default
8. Click Save changes.

Final Step: Bitsight Jira Application Configuration

1. In the app, paste your Bitsight API Token into the secured text field and click Validate.
2. Set your filters to determine which findings to fetch. You must select the Findings Company, Severity Category, Asset Importance, Grade, and Risk Vector. You must also set the Max Age Days (minimum of 3 days), which cannot be changed after saving.
3. Select your Work type, assignee, reporter, and priority. You must also set the Status Synchronization (None, Jira to Bitsight, or Bidirectional) and map your statuses.
4. Toggle the application to Active and save your configurations to run the scheduler.