Overview

WhiteSource Mend provides the ability to integrate with issue tracking systems, in order to automatically create issues in those systems when a policy match occurs. As a result, issues automatically open in the issue tracking system and are automatically filled with the relevant WhiteSource Mend information required to mitigate the risks triggering the creation of the issue.

This integration is implemented as a generic platform, exposed by external/public APIs, whereupon WhiteSource Mend provides a set of out-of-the-box plugins for specific common Issue tracking systems. The triggering for the issues' creation occurs when a policy of the type “Issue” is matched with a library. This occurs no matter which plugins you are using.

NOTE: If you have already defined a previous integration of WhiteSource Mend with an issue tracking system, and created policies to trigger issues creation, it can continue working “side by side” with the new integration until the “old” one will be deprecated. Ensure you define new policies for the new integration. To view the documentation for the legacy issue tracker integration, click here.

...

• Jira Data Center or Server versions from 8.0 to 8.22

• Admin permissions to Jira

• Admin permissions to WhiteSourceMend

How the Jira Data Center and Server Plugin Work

...

1. The Jira Data Center and Server Plugin periodically queries the WhiteSource Mend application for “Issue” Policy matches. These matches represent Issues the plugin should create in Jira.

2. A corresponding WhiteSource Mend Issue (of type WS_Issue) is created in Jira for each match with all the relevant information in dedicated fields that can be sorted and filtered. For details, see WhiteSource Mend Issue Information.
   The WhiteSource Mend Issue will be created based on the default issue type schema defined for each mapped Jira project.

3. The WhiteSource Mend Issue is updated automatically following changes that occur on WhiteSourceMend. If the policy no longer affects the relevant project or the library is no longer in the inventory of the project, a relevant comment is added to the WhiteSource Mend Issue.

4. The WhiteSource Mend application is updated following changes in the Issue statuses.

...

1. Log in to Jira with Admin permissions.

2. Navigate to Manage Apps in the JIRA ADMINISTRATION section.

3. Search for WhiteSource Mend in the Atlassian Marketplace search box.

4. Find the WhiteSource Mend Integration for Jira Server and click Install.

5. After the installation, you will be directed to the configuration page. (If not, in the User-Installed Apps list, navigate to the WhiteSource Mend Jira Plugin and click Configure).

6. The Activate Your WhiteSource Mend License screen is displayed. Enter the activation key (to generate an activation key, refer here) in the provided box, and click Next. In case you are using a proxy, press the Show Proxy Settings button to set it up.
   NOTE: If the activation key cannot be verified, it might be expired or you might be experiencing connectivity issues. In either case, contact Support.

7. The plugin mapping screen is displayed. Continue to Mapping the WhiteSource Mend Projects to the Jira Projects.

Mapping the

...

Mend Projects to the Jira Projects

In the plugin mapping screen, you can define (or map) in which Jira projects the issues that will be created according to the relevant WhiteSource Mend scope.

To map the WhiteSource Mend projects to the Jira projects, do as follows:

1. Map the WhiteSource Mend projects to the Jira projects in which the issues will be created, according to the WhiteSource Mend scope and the match type.

   • In WS Product, select the product.

   • In WS Project, select one or more projects, or select Select All.

   • In WS Policy Match, create a mapping of all relevant policy matches for the project (for example, By License Group, Security Vulnerability Severity, etc.), or Select All.

   • In Jira Project, select the relevant Jira projects for your mapping.

2. Select a default Jira project in which Issues without a specific mapping will be created. This is a mandatory setting; if no other mapping is done, all Issues will be created in the default Jira ticket board.

3. Click Save.

4. Proceed to Creating a Policy to Trigger Issues in order to trigger Issue creation.

...

• Admin permissions to Jira

• Admin permissions to WhiteSourceMend

How the Jira Cloud Plugin Works

...

1. The Jira plugin periodically queries the WhiteSource Mend application for “Issue” Policy matches. These matches represent Issues the plugin should create in Jira.

2. A corresponding WhiteSource Mend Issue (of type WS Issue) is created in Jira for each match with all the relevant information in dedicated fields that can be sorted and filtered. For details, see WhiteSource Mend Issue Information.
   The WhiteSource Mend Issue will be created based on the default issue type schema defined for each mapped Jira project.

3. The WhiteSource Mend Issue is updated automatically following changes that occur on WhiteSourceMend. If the policy no longer affects the relevant project or the library is no longer in the inventory of the project, a relevant comment is added to the WhiteSource Mend Issue.

4. The WhiteSource Mend application is updated following changes in the Issue statuses.

...

1. Log into Jira with Admin permissions.

2. Navigate to Find new apps in the Apps section.

3. Search for WhiteSource Mend in the search box.

4. Find the WhiteSource Mend Integration for Jira Cloud and click Install.

5. Navigate to the WhiteSource Mend plugin in the Apps section, after the installation is completed.

...

6. The Activate Your WhiteSource Mend License screen is displayed. Enter the activation key (to generate an activation key, refer here) in the provided box, and click Next.

...

7. The plugin mapping screen is displayed. Continue to Mapping the WhiteSource Mend Projects to the Jira Projects.

Mapping the

...

Mend Projects to the Jira Projects

In the plugin mapping screen, you can define (or map) in which Jira projects the issues that will be created according to the relevant WhiteSource Mend scope.

To map the WhiteSource Mend projects to the Jira projects, do as follows:

1. Map the WhiteSource Mend projects to the Jira projects in which the issues will be created, according to the WhiteSource Mend scope and the match type.

   • In WS Product, select the product.

   • In WS Project, select one or more projects, or select All.

   • In WS Policy Match, create a mapping of all relevant policy matches for the project (for example, By License Group, Security Vulnerability Severity, etc.), or select All.

   • In Jira Project, select the relevant Jira projects for your mapping.

2. Select a default Jira project in which Issues without a specific mapping will be created. This is a mandatory setting; if no other mapping is done, all Issues will be created in the default Jira ticket board.

3. Click Save.

4. Proceed to Creating a Policy to Trigger Issues in order to trigger Issue creation.

...

Mend Issue Information

The WhiteSource Mend Issue (WS Issue type) tickets hold all the relevant information that is created by the plugin in dedicated fields.

In order to provide as much information as possible in the Jira issue regarding the library's risks and how to mitigate them, library aggregated data is also provided to help you to easily filter and sort the Jira issues, and create a prioritized backlog for mitigating the risks found by WhiteSourceMend.

Following are the dedicated WhiteSource Mend fields that are created by the Jira plugins:

...

1. Open the Policies page.
   You can create a policy on any level but it must correspond to the mapping.

2. Click Add Policy.

3. Create the policy as required. In Action, select Issue.

4. In Issue Settings, in Tracker Type, select Issue Tracker Plugin.

5. Click Add to revert to the Policies page showing the Issue policy created in WhiteSourceMend.

When a policy is matched with a library (as a result of a scan or when applying policy changes to existing inventory), an issue creation is triggered in the WhiteSource Mend application. The plugins periodically (once an hour) fetch this information and create the corresponding issues in Jira.

Ignoring

...

Mend Alerts

The Jira Plugins support an option to ignore WhiteSource Mend alerts following the completion of the corresponding WhiteSource Mend issue. The status of the WhiteSource Mend risk will be set to IGNORED when the Jira ticket is moved to a status category “DONE”/”COMPLETE”.
To enable this feature, do the following:

...

• Each Jira Plugin can be connected to a single WhiteSource Mend organization.

• The Jira projects used by the integration should not include mandatory fields; if they do, the WhiteSource Mend Issue should be set to exclude them. For instructions on how to exclude mandatory fields in a Jira Cloud configuration to enable the WhiteSource Mend integration to open tickets, see Excluding Mandatory Fields for WhiteSource Integration .

• It is not recommended to change the issue type of the WhiteSource Mend Issue after its creation. In order to keep WhiteSource Mend and Jira in sync, the following fields should be maintained: WS-Project_Token, Library_UUID, Policy_Id.  

• WhiteSource Mend Issues created by Jira Plugins should not be deleted, as this will cause WhiteSource Mend and Jira to go out of sync.

...

This procedure enables you to create a token with which to validate the Jira integration.

1. In the WhiteSource Mend application, click Admin. The Organization Administration screen is displayed.

2. In the Integration area, click Issue Tracker Settings. The Issue Tracker Settings screen is displayed.

3. In the Issue Tracker Plugin section, click Generate Activation Key. Copy the key for later use.