{"id":20838426,"url":"https://github.com/reload/github-security-jira","last_synced_at":"2025-05-08T20:36:18.002Z","repository":{"id":37589758,"uuid":"218510140","full_name":"reload/github-security-jira","owner":"reload","description":"Github Action for integrating Security Alerts with JIRA","archived":false,"fork":false,"pushed_at":"2025-04-14T04:40:18.000Z","size":841,"stargazers_count":53,"open_issues_count":6,"forks_count":32,"subscribers_count":10,"default_branch":"v1.x","last_synced_at":"2025-04-14T05:34:04.896Z","etag":null,"topics":["actions","jira","security","security-alerts"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/reload.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-10-30T11:17:46.000Z","updated_at":"2025-04-14T04:40:22.000Z","dependencies_parsed_at":"2023-11-30T06:35:51.370Z","dependency_job_id":"a62dfae9-361d-4eee-aacd-183a53dab467","html_url":"https://github.com/reload/github-security-jira","commit_stats":{"total_commits":238,"total_committers":9,"mean_commits":"26.444444444444443","dds":"0.25630252100840334","last_synced_commit":"01dfd158e9dc2e1d04958d48f2ad44c34eb13668"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reload%2Fgithub-security-jira","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reload%2Fgithub-security-jira/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reload%2Fgithub-security-jira/re
leases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reload%2Fgithub-security-jira/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/reload","download_url":"https://codeload.github.com/reload/github-security-jira/tar.gz/refs/heads/v1.x","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253146469,"owners_count":21861409,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","jira","security","security-alerts"],"created_at":"2024-11-18T01:10:14.395Z","updated_at":"2025-05-08T20:36:17.962Z","avatar_url":"https://github.com/reload.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# github-security-jira\n\nGitHub Action for mapping Dependabot security alerts to Jira tickets.\n\n## Setup\n\nYou need the following pieces set up to sync alerts with Jira:\n\n1. Two repo secrets containing a GitHub access token and a Jira API token, respectively.\n2. A workflow file which runs the action on a schedule, continually creating new tickets when necessary.\n\n### Repo secrets\n\nThe `reload/github-security-jira` action requires you to [create two encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) in the repo:\n\n1. 
A secret called `GitHubSecurityToken` which should contain a [Personal Access Token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) for the GitHub user under which this action should be executed. The token must include the `public_repo` scope if checking only public repos, or the `repo` scope for use on private repos. Also, the user must have [access to security alerts in the repo](https://help.github.com/en/github/managing-security-vulnerabilities/managing-alerts-for-vulnerable-dependencies-in-your-organization).\n2. A secret called `JiraApiToken` containing an [API Token](https://confluence.atlassian.com/cloud/api-tokens-938839638.html) for the Jira user that should be used to create tickets.\n\n### Workflow file setup\n\nThe [GitHub workflow file](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/configuring-a-workflow#creating-a-workflow-file) should reside in any repo where you want to sync security alerts with Jira.\n\nIt has some required and some optional settings, which are passed to the action as environment variables:\n\n- `GH_SECURITY_TOKEN`: A reference to the repo secret `GitHubSecurityToken` (**REQUIRED**)\n- `JIRA_TOKEN`: A reference to the repo secret `JiraApiToken` (**REQUIRED**)\n- `JIRA_HOST`: The endpoint for your Jira instance, e.g. \u003chttps://foo.atlassian.net\u003e (**REQUIRED**)\n- `JIRA_USER`: The ID of the Jira user which is associated with the `JiraApiToken` secret, e.g. `someuser@reload.dk` (**REQUIRED**)\n- `JIRA_PROJECT`: The project key for the Jira project where issues should be created, e.g. `TEST` or `ABC`. (**REQUIRED**)\n- `JIRA_ISSUE_TYPE`: Type of issue to create, e.g. `Security`. Defaults to `Bug`. (*Optional*)\n- `JIRA_WATCHERS`: Jira users to add as watchers to tickets. Separate multiple watchers with comma (no spaces).\n- `JIRA_ISSUE_LABELS`: Jira labels to add to tickets. 
Separate multiple labels with comma (no spaces).\n- `JIRA_RESTRICTED_COMMENT_ROLE`: A comment with restricted visibility\n  to this role is posted with info about who was added as watchers to\n  the issue. Defaults to `Developers`. (*Optional*)\n\nHere is an example setup which runs this action every 6 hours.\n\n```yaml\nname: GitHub Security Alerts for Jira\n\non:\n  schedule:\n    - cron: '0 */6 * * *'\n\njobs:\n  syncSecurityAlerts:\n    runs-on: ubuntu-latest\n    steps:\n      - name: \"Sync security alerts to Jira issues\"\n        uses: reload/github-security-jira@v1.x\n        env:\n          GH_SECURITY_TOKEN: ${{ secrets.GitHubSecurityToken }}\n          JIRA_TOKEN: ${{ secrets.JiraApiToken }}\n          JIRA_HOST: https://foo.atlassian.net\n          JIRA_USER: someuser@reload.dk\n          JIRA_PROJECT: ABC\n          JIRA_ISSUE_TYPE: Security\n          JIRA_WATCHERS: someuser@reload.dk,someotheruser@reload.dk\n```\n\n## Local development\n\nCopy `docker-composer.override.example.yml` to `docker-composer.override.yml` and edit according to your settings.\n\nAfter that, you can execute the Symfony console app like so:\n\n```\ndocker-compose run --rm ghsec-jira --verbose --dry-run\n```\n\nRemove the `--dry-run` option to actually create issues in Jira.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freload%2Fgithub-security-jira","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freload%2Fgithub-security-jira","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freload%2Fgithub-security-jira/lists"}