> ## Documentation Index
> Fetch the complete documentation index at: https://zeropath.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Jira Integration

> Sync ZeroPath findings with Jira for streamlined issue tracking and remediation workflows

## Overview

ZeroPath integrates with Jira Cloud to push security findings as Jira issues and sync status changes back. When a Jira issue is resolved, the corresponding ZeroPath finding is automatically marked as resolved.

## Setup

<Tabs>
  <Tab title="OAuth (Recommended)">
    <Steps>
      <Step title="Navigate to Integrations">
        Go to **Settings → Integrations** in the ZeroPath dashboard.
      </Step>

      <Step title="Connect Jira">
        Click **"Connect Jira"** and authorize ZeroPath in the Atlassian consent screen.
      </Step>

      <Step title="Auto-Configuration">
        ZeroPath automatically detects your Jira Cloud instance and default project.
      </Step>
    </Steps>
  </Tab>

  <Tab title="API Token">
    <Steps>
      <Step title="Navigate to Integrations">
        Go to **Settings → Integrations** and select **"Connect with API Token"**.
      </Step>

      <Step title="Enter Credentials">
        Provide your **email**, **Jira API token** (from [id.atlassian.com](https://id.atlassian.com/manage-profile/security/api-tokens)), and **Jira subdomain** (e.g., `mycompany` for `mycompany.atlassian.net`).
      </Step>

      <Step title="Validate & Connect">
        ZeroPath validates your credentials and connects.
      </Step>
    </Steps>
  </Tab>
</Tabs>

<Info>Both methods register a webhook in your Jira instance for bidirectional sync. OAuth connections automatically subscribe to all supported events. For API token connections, you will be prompted to manually create the webhook.</Info>

### Webhook Events

The ZeroPath webhook uses the following Jira events:

| Event                | Required | Purpose                                     |
| -------------------- | -------- | ------------------------------------------- |
| `jira:issue_updated` | Yes      | Syncs issue status changes back to ZeroPath |
| `comment_created`    | No       | Syncs ticket comments for smarter triage    |
| `comment_updated`    | No       | Keeps synced comments up to date            |

The comment events are optional but recommended. When enabled, ZeroPath uses ticket comments to intelligently classify closed tickets as **Resolved**, **False Positive**, or **Accepted Risk** instead of always defaulting to Resolved.

## Manual Issue Export

From any finding in the ZeroPath dashboard:

1. Click **"Export to Jira"** on the issue detail view.
2. Select a **Jira project**, **issue type** (Bug, Story, Task, etc.), and optionally an **epic** and **assignee**. Epics are available for all issue types, not just Tasks.
3. ZeroPath creates the Jira issue with full vulnerability details — title, description, affected file, severity, CVSS score, CWEs, code snippet, and patch link if available. For secrets findings, the code snippet is automatically redacted so that cleartext secret values are never written into Jira tickets.

If the selected issue type does not support a parent link (for example, Epics cannot have a parent in Jira's hierarchy), ZeroPath automatically retries without the epic link so the issue is still created successfully.

The Jira issue key is linked to the ZeroPath finding for bidirectional tracking.

### Bulk Export

You can export multiple findings to Jira at once:

1. Select the findings you want to export from the issues list.
2. Choose **"Export to Jira"** from the bulk actions menu.
3. Select a **Jira project**, **issue type**, and optionally an **epic** and **assignee**. You can select "None" to explicitly clear the epic selection.
4. If a Jira template is configured, you can toggle **"Use Jira Template"** to apply it to all exported issues.
5. ZeroPath creates Jira issues for all selected findings in batches. Code snippets for secrets findings are automatically redacted in all created tickets.

Findings that have already been exported to Jira are automatically skipped. After the export completes, you will see a summary showing how many issues were exported, skipped, or failed.

## Automatic Ticketing

Configure automatic issue creation for new findings:

1. Go to **Settings → Integrations**, select **Jira** from the sidebar, and open **Auto-Ticketing**.
2. Set a **score threshold** — only findings above this score create Jira tickets.
3. Choose which **scan types** trigger tickets (Full Scan, PR Scan, SCA, etc.).
4. Select the **Jira project** and **issue type**.
5. Optionally select an **epic** to group auto-created tickets under. If a previously configured epic is no longer available in Jira, a warning is displayed so you can select a new one or clear the selection.
6. Optionally configure **auto-assignment**, **custom templates**, and **scope** (all repos, specific repos, or repos matching specific tags).

Code snippets for secrets findings are automatically redacted in all auto-created tickets, so cleartext secret values are never written into Jira.

### SLA Due Dates

Enable **Set due date from SLA** to stamp each created ticket with the finding's remediation deadline as the Jira **due date** — the earliest breach date across every [SLA policy](/platform/sla) that covers the issue. This applies to both auto-created and manually exported tickets. If no SLA policy covers the finding, no due date is set.

<Note>
  The due date requires the selected issue type to expose a **Due date** field on its create screen. If it does not, ZeroPath warns you when saving the configuration and still creates tickets (without a due date). If Jira later rejects the due date for an individual ticket, ZeroPath retries without it so the ticket is still created.
</Note>

### Custom Templates

Auto-ticketing supports customizable title and description templates with variables:

* `{{severity}}`, `{{issueTitle}}`, `{{repositoryName}}`, `{{affectedFile}}`, `{{vulnClass}}`, and more.
* Custom Jira fields can be mapped to ZeroPath finding data or static values.

## Bidirectional Sync

When a Jira issue's status changes to **Done**, **Resolved**, **Closed**, or **Completed**, ZeroPath automatically:

* Analyzes ticket comments to determine the appropriate status — **Resolved**, **False Positive**, or **Accepted Risk**
* If no comments are present or comment events are not enabled, the finding defaults to **Resolved**
* If comments are present but the intent cannot be determined with confidence, the status change is skipped rather than defaulting to Resolved, preventing incorrect triage
* Records who made the change and when
* Logs the state transition in the finding's audit trail

ZeroPath selects the correct Jira workflow transition based on the target status. When marking a finding as **Resolved**, ZeroPath picks a completion transition (such as "Done") and avoids cancellation-style transitions like "Won't Do". When marking a finding as **False Positive** or **Accepted Risk**, ZeroPath prefers a cancellation-style transition if one is available. This ensures your Jira workflow states accurately reflect the triage decision.

When you change the status of multiple findings at once (for example, marking many issues as false positive), ZeroPath syncs each update to Jira with controlled concurrency to stay within Jira Cloud rate limits. If an individual ticket update fails, the remaining updates continue — partial failures are logged without blocking the bulk action.

This sync is powered by a webhook registered in your Jira instance during setup.

<Warning>
  Jira Cloud webhooks expire after **30 days**. If sync stops working, reconnect the integration from Settings → Integrations to refresh the webhook. When you reconnect, ZeroPath automatically removes any stale webhooks with outdated secrets before creating a new one.
</Warning>

## Confluence Access

The Jira integration also provides access to Confluence, since both products share the same Atlassian OAuth token. When Confluence is enabled, the AI AppSec Assistant can search and read your Confluence pages for security documentation, architecture context, and runbooks.

### Enabling Confluence

1. Connect Jira using either the OAuth or API Token method described above.
2. Once Jira is connected, a **Confluence** option appears in the integrations page. You can enable it directly from the **Add Integration** dialog with a single click — no additional authentication is required.
3. Alternatively, select **Confluence** from the integrations sidebar and toggle **Confluence Access** on.

No additional authentication is required — Confluence reuses your existing Atlassian OAuth token.

### Disabling Confluence

To disable Confluence access, select **Confluence** from the integrations sidebar and toggle **Confluence Access** off. This does not affect your Jira integration.

## Troubleshooting

<AccordionGroup>
  <Accordion title="&#x22;Jira integration not found&#x22;">
    Ensure the integration is connected in Settings → Integrations.
  </Accordion>

  <Accordion title="Bidirectional sync not working">
    Check if the Jira webhook has expired (30-day limit). Reconnect the integration to refresh it. Also verify the Jira issue key matches a ZeroPath finding (the link is created during export).
  </Accordion>

  <Accordion title="&#x22;Failed to create Jira issue&#x22;">
    Check that the selected project and issue type exist in your Jira instance. Ensure required Jira fields are configured in the auto-ticketing settings.
  </Accordion>
</AccordionGroup>
