Introducing the Jira Integration

Michael Lubas, 2024-04-03

Jira is the industry-leading project management tool used by security, engineering, and product teams. Today the Jira integration is officially available. How does it work? Consider the following finding:

The relevant function in source code:

The best way to fix this vulnerability is to change the raw SQL query into an Ecto query, which automatically protects against SQL injections. In many organizations this involves:

  1. Creating a Jira ticket describing the work that needs to be done
  2. Opening a pull request that references the Jira ticket
  3. Setting the Jira ticket to completed when the work is finished

These metrics are often used by engineering leadership to monitor how much work is being completed and to see whether current projects are blocked. Before the Jira integration, it was not possible to see if a ticket had been created for a finding.

You will be prompted to authenticate with your current Jira session.

You are then redirected back to the finding, which now has a form to create a Jira ticket.

When the form is submitted, the ticket is created and associated with that finding. You may be wondering what happens on the next mix paraxial.scan run, where this same finding will occur again. Each Jira ticket is associated with a hash of the finding, meaning Paraxial.io knows that if this finding shows up in future scans, SEC-77 is the relevant ticket. This prevents accidental creation of duplicate tickets for the same finding.
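The hash-based deduplication described above, sketched as an added example; this is not Paraxial.io's code. The finding fields, the choice of SHA-256, and the names finding_hash and TicketIndex are assumptions made for illustration, and the sample findings are constructed.

```python
import hashlib
import json

# Fields assumed to identify a finding across scans (hypothetical schema).
# Line numbers and scan ids are left out because they change between runs
# even when the underlying issue is the same.
STABLE_FIELDS = ("check", "file", "function")


def finding_hash(finding: dict) -> str:
    """Return a SHA-256 fingerprint over the stable fields of a finding."""
    stable = {name: finding[name] for name in STABLE_FIELDS}
    canonical = json.dumps(stable, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class TicketIndex:
    """Maps finding fingerprints to ticket keys so rescans reuse tickets."""

    def __init__(self, create_ticket):
        self._create_ticket = create_ticket  # callable(finding) -> ticket key
        self._by_hash = {}

    def ticket_for(self, finding: dict):
        """Return (ticket_key, created); created is False for a known finding."""
        digest = finding_hash(finding)
        if digest in self._by_hash:
            return self._by_hash[digest], False
        key = self._create_ticket(finding)
        self._by_hash[digest] = key
        return key, True


def demo():
    # Constructed sample data: two scans reporting the same issue, with the
    # line number shifted by an unrelated edit, plus one different finding.
    counter = iter(range(77, 1000))
    index = TicketIndex(lambda finding: f"SEC-{next(counter)}")
    first = {"check": "SQL injection", "file": "lib/app/accounts.ex",
             "function": "search_users/1", "line": 42, "scan_id": 1}
    rescan = dict(first, line=57, scan_id=2)
    other = dict(first, function="list_orders/1", line=90, scan_id=2)
    return [index.ticket_for(f) for f in (first, rescan, other)]


if __name__ == "__main__":
    for key, created in demo():
        print(key, "created" if created else "already tracked")
```

Hashing only fields that survive unrelated edits is what keeps a rescan pointed at the existing ticket; including the line number would produce a new hash, and a duplicate ticket, every time the file shifts.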

You can now track this work in Jira!

The Jira integration is currently live for all customers. If you would like to start using it, please reach out today.

Paraxial.io stops data breaches by securing your Elixir and Phoenix apps. Detect and fix critical security issues today.

Attending ElixirConf EU (April 17th) in Lisbon? Paraxial.io founder Michael Lubas is giving the training Elixir Application Security and will be speaking at the conference. Hope to see you there!
