I would like to be able to open tickets automatically from Snyk to Jira for new issues found, based on new or existing vulnerabilities.
And I would like to be able to create Jira tickets for issues already in the code.
We looked at the Snyk APIs and at the UI way of opening a ticket, but it is not scalable. We want to automate this task.
There is a tool called jira-tickets-for-new-vulns. It provides the means to sync your Snyk-monitored projects and automatically open Jira tickets for new issues and for existing issues that do not already have a ticket.
Cron it every X minutes/hours and fix the issues. This tool is meant to be executed at regular intervals or with a trigger of your choice (webhooks). It can be called like this:
./snyk-jira-sync-<yourplatform>
    -orgID=<SNYK_ORG_ID>       // Can find it under settings
    -token=<API Token>         // Snyk API Token. Service accounts work.
    -jiraProjectKey=<Key>      // Jira project Key the tickets will be opened against
    --severity=critical        // optional: critical|high|medium|low
You can also find some extended options to set this up, for example to apply this only to 'High' severity vulnerabilities and above.
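
A cron wrapper for the scheduled run described above, as an added example that is not part of the tool or the original page. It keeps the API token out of the crontab, refuses a token file that other users can read, and skips a run while the previous one is still going. The environment variable names, file paths and the use of `flock` (util-linux) are assumptions; only the four flags come from the page.

```shell
#!/bin/sh
# Added example: cron wrapper for snyk-jira-sync (names and paths are assumptions).
set -u

TOKEN_FILE="${TOKEN_FILE:-/etc/snyk-jira-sync/token}"   # assumed path, mode 0600
LOCK_FILE="${LOCK_FILE:-/var/lock/snyk-jira-sync.lock}" # assumed path

# Accept only the severities listed for --severity.
valid_severity() {
  case "$1" in
    critical|high|medium|low) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeed only if the token file exists and grants nothing to group or other.
token_file_private() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

main() {
  : "${SYNC_BIN:?set to the path of snyk-jira-sync-<yourplatform>}"
  : "${SNYK_ORG_ID:?}" "${JIRA_PROJECT_KEY:?}"
  sev="${SEVERITY:-}"
  if [ -n "$sev" ] && ! valid_severity "$sev"; then
    echo "invalid severity: $sev" >&2; return 2
  fi
  if ! token_file_private "$TOKEN_FILE"; then
    echo "token file missing or readable by others: $TOKEN_FILE" >&2; return 3
  fi
  # Hold a non-blocking lock so a slow sync is never overlapped by the next one.
  exec 9>"$LOCK_FILE"
  flock -n 9 || { echo "previous sync still running" >&2; return 0; }
  set -- "-orgID=$SNYK_ORG_ID" "-jiraProjectKey=$JIRA_PROJECT_KEY"
  if [ -n "$sev" ]; then set -- "$@" "--severity=$sev"; fi
  # The token is passed as a flag, as on the page, so it is visible in the
  # process list while the tool runs; use a narrowly scoped service account.
  "$SYNC_BIN" "$@" "-token=$(cat "$TOKEN_FILE")"
}

# Runs only when requested, e.g. a crontab entry that sets RUN_SYNC=1.
if [ "${RUN_SYNC:-}" = 1 ]; then main; fi
```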