JIRA plugin for ZAP


Prabath Siriwardana

Jul 22, 2015, 4:32:23 PM
to OWASP ZAP Developer Group
Hi folks,

Do we have a JIRA plugin for ZAP..? My quick Google search did not find me anything..

Basically my requirement is to create JIRA tickets for all the findings at the end of n scan...

If we do not have any JIRA plugin - I would like to develop one and contribute back to the ZAP community - appreciate a lot if you can please point me to any docs on ZAP plugin development..

Thanks & regards,
-Prabath

j.dre...@gmail.com

Jul 22, 2015, 10:52:30 PM
to zaproxy...@googlegroups.com
Hi Prabath,

As far as I know there's no plugin to export to Jira. That said, I wouldn't recommend building one. The main issue you'll encounter is duplicate entries and false positives. If they all go automatically in you'll more than likely mess up issue tracking and make your backlog unnavigable. I'd suggest using something like threadfix instead. This will dedup the results of your tests and allow you to select the issues you'd like to add to Jira. Also it's nice to be able to get stats on issues that are raised. It's open source and easy enough to set up, so it shouldn't cost anything more than an hour of your time. They also have support available if you need it. 

Hope this helps a bit. 

Regards,
James

Ps Just in case, I don't have any affiliation to the denim group or threadfix. I used the open source version before in my workplace so that I wouldn't have to manually add issues to Jira and to reduce time waiting on an internal security group to do scans.  :P Tried to hack on the code but it's a mess; it does work though and work well. 
--
You received this message because you are subscribed to the Google Groups "OWASP ZAP Developer Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-devel...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

psiinon

Jul 23, 2015, 7:14:17 AM
to OWASP ZAP Developer Group, j.dre...@gmail.com, j.dre...@gmail.com
We have an enhancement request for integrating with bug trackers: https://github.com/zaproxy/zaproxy/issues/440
A team has just started working on this, but I think you can still contribute.
I'd like this to be implemented as a generic component with plugins for specific trackers - and you could work on the JIRA plugin, and provide very useful feedback on the generic component / interface :)
I'll put you in touch with that team and we can go from there.

James - I understand what you're saying, but I think it all depends on how this functionality is used.
Always raising all alerts as bug tracker issues would almost certainly be a bad thing to do.
However, being able to manually raise selected issues would be really useful for many of us (including myself ;).
As would being able to do this via the API, as long as the calling code could dedup the results.

Cheers,

Simon
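James's point about duplicates and Simon's point about the calling code deduplicating before anything reaches the tracker, as an added example that is not code from ZAP or from the add-on discussed in this thread: it collapses ZAP alerts into one finding per plugin/host/path/parameter and builds Jira create-issue bodies (the REST API v2 `POST /rest/api/2/issue` shape) only for findings above a risk threshold, leaving a reviewer to decide which to send. The alert field names follow ZAP's JSON alert output, and the sample alerts are constructed.

```python
"""Dedup ZAP alerts and build Jira issue payloads for the findings worth raising."""
from urllib.parse import urlsplit

# Constructed sample alerts in the shape of ZAP's JSON alert output, including the
# kind of repeats a scan produces (same finding on several URLs / query strings).
SAMPLE_ALERTS = [
    {"pluginId": "10021", "alert": "X-Content-Type-Options Header Missing",
     "risk": "Low", "url": "http://example.test/", "param": "X-Content-Type-Options"},
    {"pluginId": "10021", "alert": "X-Content-Type-Options Header Missing",
     "risk": "Low", "url": "http://example.test/?page=2", "param": "X-Content-Type-Options"},
    {"pluginId": "40018", "alert": "SQL Injection",
     "risk": "High", "url": "http://example.test/item?id=1", "param": "id"},
    {"pluginId": "40018", "alert": "SQL Injection",
     "risk": "High", "url": "http://example.test/item?id=2", "param": "id"},
    {"pluginId": "40018", "alert": "SQL Injection",
     "risk": "High", "url": "http://example.test/search?q=a", "param": "q"},
]

def dedup_key(alert):
    """Same plugin, same host and path (query string dropped), same parameter => one finding."""
    u = urlsplit(alert["url"])
    return (alert["pluginId"], u.netloc, u.path, alert.get("param", ""))

def dedup_alerts(alerts):
    """Collapse duplicate alerts, keeping every affected URL for the ticket body."""
    groups = {}
    for a in alerts:
        g = groups.setdefault(dedup_key(a), {"alert": a, "urls": []})
        g["urls"].append(a["url"])
    return list(groups.values())

def jira_issue_payload(group, project_key, raise_risks=("Medium", "High")):
    """Build a Jira v2 create-issue body, or None when the finding is below the threshold."""
    a = group["alert"]
    if a["risk"] not in raise_risks:
        return None
    path = urlsplit(a["url"]).path
    description = "ZAP plugin {} flagged parameter '{}' at {}\nAffected URLs:\n{}".format(
        a["pluginId"], a.get("param", ""), path, "\n".join("- " + u for u in group["urls"]))
    return {"fields": {"project": {"key": project_key},
                       "summary": "[ZAP][{}] {} in {}".format(a["risk"], a["alert"], path),
                       "description": description,
                       "issuetype": {"name": "Bug"}}}

def issues_to_raise(alerts, project_key):
    """Payloads a reviewer would look over before any of them is POSTed to Jira."""
    payloads = []
    for g in dedup_alerts(alerts):
        p = jira_issue_payload(g, project_key)
        if p is not None:
            payloads.append(p)
    return payloads
```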

kasun balasooriya

Nov 12, 2015, 10:59:45 AM
to OWASP ZAP Developer Group, j.dre...@gmail.com
Hi, I'm currently working on building this as an add-on. I am using the JIRA REST API [1] to achieve this. I have been successful in creating the issues. By using this plugin a user will be able to create issues from a report generated on a session. I will update this thread in detail about the progress.

Stephen de Vries

Nov 12, 2015, 11:11:13 AM
to zaproxy...@googlegroups.com, j.dre...@gmail.com

Recommend taking a look at this client: http://mvnrepository.com/artifact/net.rcarz/jira-client instead of the one provided by Atlassian.  I’ve found it easier to use and a cleaner API.

kasun balasooriya

Nov 12, 2015, 11:12:08 AM
to zaproxy...@googlegroups.com, j.dre...@gmail.com
Thank you! I will have a look. 

kasun balasooriya

Nov 16, 2015, 7:56:01 AM
to OWASP ZAP Developer Group, j.dre...@gmail.com
Hi! I want to get a report of the last scan from zap. But I don't want the file saved. Instead I need it to be in a stream. Is there a way I can achieve this? Thanks in advance! 

thc...@gmail.com

Nov 20, 2015, 5:54:04 AM
to zaproxy...@googlegroups.com
Hi.

Yes, using the class ReportLastScan (although the report will be in a String, not an [output]stream).

For example usage with String take a look at:
CoreAPI.writeReportLastScanTo(HttpMessage, ScanReportType).


Best regards.

On 16/11/15 12:56, kasun balasooriya wrote:
> Hi! I want to get a report of the last scan from zap. But I don't want
> the file saved. Instead I need it to be in a stream. Is there a way I
> can achieve this? Thanks in advance!

kasun balasooriya

Nov 23, 2015, 1:16:07 AM
to OWASP ZAP Developer Group
Hi! 
Thank you for the information! I was able to achieve what I needed by going through the class ReportLastScan.
I want to extend the plugin to be used in daemon mode. Any leads as to how I can achieve this?

Thanks in advance! 