Skip to main content

Documentation Index

Fetch the complete documentation index at: https://zeropath.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Overview

ZeroPath integrates with Jira Cloud to push security findings as Jira issues and sync status changes back. When a Jira issue is resolved, the corresponding ZeroPath finding is automatically marked as resolved.

Setup

Both methods register a webhook in your Jira instance for bidirectional sync. OAuth connections automatically subscribe to all supported events. For API token connections, you will be prompted to manually create the webhook.

Webhook Events

The ZeroPath webhook uses the following Jira events:
EventRequiredPurpose
jira:issue_updatedYesSyncs issue status changes back to ZeroPath
comment_createdNoSyncs ticket comments for smarter triage
comment_updatedNoKeeps synced comments up to date
The comment events are optional but recommended. When enabled, ZeroPath uses ticket comments to intelligently classify closed tickets as Resolved, False Positive, or Accepted Risk instead of always defaulting to Resolved.

Manual Issue Export

From any finding in the ZeroPath dashboard:
  1. Click “Export to Jira” on the issue detail view.
  2. Select a Jira project, issue type (Bug, Story, Task, etc.), and optionally an epic and assignee. Epics are available for all issue types, not just Tasks.
  3. ZeroPath creates the Jira issue with full vulnerability details — title, description, affected file, severity, CVSS score, CWEs, code snippet, and patch link if available.
If the selected issue type does not support a parent link (for example, Epics cannot have a parent in Jira’s hierarchy), ZeroPath automatically retries without the epic link so the issue is still created successfully. The Jira issue key is linked to the ZeroPath finding for bidirectional tracking.

Bulk Export

You can export multiple findings to Jira at once:
  1. Select the findings you want to export from the issues list.
  2. Choose “Export to Jira” from the bulk actions menu.
  3. Select a Jira project, issue type, and optionally an epic and assignee. You can select “None” to explicitly clear the epic selection.
  4. If a Jira template is configured, you can toggle “Use Jira Template” to apply it to all exported issues.
  5. ZeroPath creates Jira issues for all selected findings in batches.
Findings that have already been exported to Jira are automatically skipped. After the export completes, you will see a summary showing how many issues were exported, skipped, or failed.

Automatic Ticketing

Configure automatic issue creation for new findings:
  1. Go to Settings → Integrations, select Jira from the sidebar, and open Auto-Ticketing.
  2. Set a score threshold — only findings above this score create Jira tickets.
  3. Choose which scan types trigger tickets (Full Scan, PR Scan, SCA, etc.).
  4. Select the Jira project and issue type.
  5. Optionally select an epic to group auto-created tickets under. If a previously configured epic is no longer available in Jira, a warning is displayed so you can select a new one or clear the selection.
  6. Optionally configure auto-assignment, custom templates, and scope (all repos, specific repos, or repos matching specific tags).

Custom Templates

Auto-ticketing supports customizable title and description templates with variables:
  • {{severity}}, {{issueTitle}}, {{repositoryName}}, {{affectedFile}}, {{vulnClass}}, and more.
  • Custom Jira fields can be mapped to ZeroPath finding data or static values.

Bidirectional Sync

When a Jira issue’s status changes to Done, Resolved, Closed, or Completed, ZeroPath automatically:
  • Analyzes ticket comments to determine the appropriate status — Resolved, False Positive, or Accepted Risk
  • If no comments are present or comment events are not enabled, the finding defaults to Resolved
  • Records who made the change and when
  • Logs the state transition in the finding’s audit trail
This sync is powered by a webhook registered in your Jira instance during setup.
Jira Cloud webhooks expire after 30 days. If sync stops working, reconnect the integration from Settings → Integrations to refresh the webhook. When you reconnect, ZeroPath automatically removes any stale webhooks with outdated secrets before creating a new one.

Confluence Access

The Jira integration also provides access to Confluence, since both products share the same Atlassian OAuth token. When Confluence is enabled, the AI AppSec Assistant can search and read your Confluence pages for security documentation, architecture context, and runbooks.

Enabling Confluence

  1. Connect Jira using either the OAuth or API Token method described above.
  2. Once Jira is connected, a Confluence option appears in the integrations page. You can enable it directly from the Add Integration dialog with a single click — no additional authentication is required.
  3. Alternatively, select Confluence from the integrations sidebar and toggle Confluence Access on.
No additional authentication is required — Confluence reuses your existing Atlassian OAuth token.

Disabling Confluence

To disable Confluence access, select Confluence from the integrations sidebar and toggle Confluence Access off. This does not affect your Jira integration.

Troubleshooting

Ensure the integration is connected in Settings → Integrations.
Check if the Jira webhook has expired (30-day limit). Reconnect the integration to refresh it. Also verify the Jira issue key matches a ZeroPath finding (the link is created during export).
Check that the selected project and issue type exist in your Jira instance. Ensure required Jira fields are configured in the auto-ticketing settings.