Jira Integration

The Jira connector uses the Jira REST API v3 with basic authentication (email + API token) to collect a snapshot of open security issues matching a JQL filter. This provides evidence of active security workflow management for ISO 27001 and SOC 2 controls.

  • Security issue count and priority breakdown
  • Configurable JQL filter
  • Works with Jira Cloud and Jira Server/Data Center
  • No issue data stored — only summary counts

  • Filter method: JQL
  • Authentication method: Basic auth (email + API token)
  • Example ISO 27001 control mappings: A.5.24, A.8.8

Prerequisites

Create a Jira API token

Jira Cloud uses email + API token pairs for API authentication. Jira Server/Data Center uses a personal access token.

Jira Cloud

Go to https://id.atlassian.com/manage-profile/security/api-tokens and create a token.

  • Label: aisec-evidence-collector
  • Copy the token immediately — shown once
  • Use the Atlassian account email and this token as the password in AISEC
  • The account must have Browse Projects permission on the target project

Jira Server / Data Center

Go to your Jira profile → Personal Access Tokens → Create token.

  • Name: aisec-evidence
  • Expiry: set a calendar reminder before expiry
  • Use the full server URL as the Base URL (e.g. https://jira.yourcompany.com)
  • Enter your Jira username in the email field; use the PAT as the API token

Configuration

Connect Jira in AISEC

Enter your Jira URL, credentials, and an optional JQL filter in Settings → Integrations → Jira → Configure.

Step-by-step

  • Jira URL: your Jira Cloud URL (e.g. https://yourcompany.atlassian.net) or Jira Server URL
  • Email: the Atlassian account email or Jira username associated with the API token
  • API Token: the token you created above
  • JQL Filter (optional): defaults to "project = SEC AND statusCategory != Done" — customise to match your security project key and issue types
  • Sync frequency: weekly is often sufficient for backlog snapshots; use daily if the register changes frequently
  • Click Connect, then Sync now

JQL examples

Customising the JQL filter

The default JQL collects all open issues from a project named SEC. Adapt it to your project and issue types.

  • All open security issues: project = SECURITY AND statusCategory != Done
  • High priority only: project = SEC AND priority in (High, Critical) AND statusCategory != Done
  • Security-labelled issues across projects: labels = security AND statusCategory != Done
  • Specific issue types: project = SEC AND issuetype in (Bug, Vulnerability) AND statusCategory != Done
  • Due soon: project = SEC AND due <= "14d" AND statusCategory != Done

Evidence collected

What appears in your evidence register

One evidence item per sync summarising the security backlog state.

Security Workflow Summary

Open ticket count, high-priority count, and count of tickets carrying due dates from the JQL filter results.

  • Maps to ISO 27001: A.5.24 (Information security incident management), A.8.8, A.8.32
  • Maps to SOC 2: CC7.3, CC7.4
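
The request and count-only reduction described above, sketched as an added example; it is not AISEC's connector code. The search path, the function names and the sample response are assumptions, and the "open" count is only as accurate as the JQL filter that selected the issues.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumption: Jira Cloud v3 search path; the page names the API version, not the path.
SEARCH_PATH = "/rest/api/3/search/jql"

def build_request(base_url, email, api_token, jql):
    """Build (but do not send) a search request using Basic auth (email:token)."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    # urlencode escapes spaces, '=', '!' and quotes in the JQL for the query string.
    query = urllib.parse.urlencode({"jql": jql, "fields": "priority,duedate"})
    cred = base64.b64encode(f"{email}:{api_token}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + SEARCH_PATH + "?" + query,
        headers={"Authorization": "Basic " + cred, "Accept": "application/json"},
    )

def summarise(issues, high=("High", "Critical")):
    """Reduce issues to counts only; keys, summaries and descriptions are dropped."""
    summary = {"open": 0, "high_priority": 0, "with_due_date": 0}
    for issue in issues:
        fields = issue.get("fields") or {}
        summary["open"] += 1
        if (fields.get("priority") or {}).get("name") in high:
            summary["high_priority"] += 1
        if fields.get("duedate"):
            summary["with_due_date"] += 1
    return summary

# Constructed sample of one page of search results (not real issue data).
SAMPLE = json.loads("""
{"issues": [
  {"key": "SEC-1", "fields": {"priority": {"name": "High"}, "duedate": "2025-03-01"}},
  {"key": "SEC-2", "fields": {"priority": {"name": "Critical"}, "duedate": null}},
  {"key": "SEC-3", "fields": {"priority": {"name": "Low"}, "duedate": "2025-04-15"}},
  {"key": "SEC-4", "fields": {"priority": null, "duedate": null}}
]}
""")

if __name__ == "__main__":
    req = build_request("https://yourcompany.atlassian.net", "auditor@example.com",
                        "constructed-token", "project = SEC AND statusCategory != Done")
    print(req.full_url)
    print(summarise(SAMPLE["issues"]))
```

Requesting only the priority and duedate fields keeps issue content out of the response as well as out of the stored summary.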

Troubleshooting

Common issues

  • 401 Unauthorized — verify the email and API token; for Jira Cloud, the email must match the Atlassian account that owns the token.
  • 400 on search — the JQL is invalid; test the filter in Jira before entering it in AISEC.
  • Zero results — no issues match the JQL filter; check the project key and that the project contains open issues.
  • Jira Server SSL errors — if your Jira Server uses a self-signed certificate, add the certificate to the evidence-collector's trust store or use a signed certificate.


Ready to connect?

Create a Jira API token, customise your JQL filter, then enter the details in AISEC.