After a bit of exploration -- I figured it out. Here are the steps I used:
- Ensure you have admin permissions for your Snyk organization and Jira instance (it won't work without these)
- Create a Jira API token -- you'll need this
a. In Jira, navigate to your profile settings (click on your avatar in the top-right corner and select "Account settings")
b. In the sidebar, click "API tokens" under the "Security" section
c. Click "Create API token," give it a meaningful name (e.g., "Snyk Integration"), and click "Create.
- Go to the Snyk dashboard, click "Integrations" in the sidebar, then click "Add integration"
- Choose "Jira" from the integrations list
- Enter the necessary information (for Jira URL, this should be your base URL, e.g., "https://.atlassian.net")
- Click "Test connection" to ensure Snyk can connect to your Jira instance, then click "Save" when it's working
- In Snyk, go to the "Integrations" page and click on the "Jira" integration you just created
- Enable the "Automatically create Jira issues for new vulnerabilities" option
c. Choose the Jira project where you want the tickets to be created
d. Choose the issue type for the vulnerability tickets
e. Configure any additional settings as needed
f. Click "Save" to save your changes
Now, whenever Snyk discovers a new vulnerability in your organization, it will automatically create a Jira ticket for you. You can then assign the ticket to a team member.