Integrations
The Integrations Tab provides the forms to manage integration with external services. The currently supported services are:
Issue Trackers
- Issue tracker (Jira, Microsoft Boards or YouTrack)
- Jira (on-premise or cloud)
- Provide the project key you want to show in Jira (the prefix of the issue)
- for example: ISSUE
- Provide the Jira specific issue type
- for example: Task, Epic, Story, Bug
- Provide the URL for your Jira instance (the root).
- for example: https://company.atlassian.net
- The login ID you would like to use
- for example: person@example.com
- Your Atlassian api token key
- https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/
- Provide the project key you want to show in Jira (the prefix of the issue)
- Microsoft Boards
- Provide the URL for your Boards project. The URL has the form: https://dev.azure.com/{organization}/{project}
- Your personal access token (PAT) generated for your Azure account. The permission required for this token is “Read & write” on Work Items.
- YouTrack
- Provide the URL for your YouTrack instance.
- for example: https://{organization}.myjetbrains.com/youtrack
- Your YouTrack api token key
- https://www.jetbrains.com/help/youtrack/server/manage-authentication-tokens.html
- Provide the URL for your YouTrack instance.
- Jira (on-premise or cloud)
- Slack
- Syslog / IBM QRadar
- MergeBase REST API (Nucleus compatible)
- Splunk
Jira Integration
MergeBase supports integration with Jira Cloud and Jira Server (on-premise). For Jira Cloud, you must create an API token for a particular Jira user. On the MergeBase side, you select “API Token” as the Authorization Type and enter the client ID and token in the corresponding fields.
For Jira Server, you create a Personal Access Token in Jira. On the MergeBase side, you select “Personal Access Token” as the Authorization Type and enter the token in the corresponding field. You must be using Jira Server 8.4 or later.
Once you have saved your configuration, you can test the connection to ensure it is working properly.
If you are using Jira Server and need to create firewall rules to allow MergeBase to connect to it, you must request a permanent IP address from MergeBase. The REST API endpoints used by MergeBase are:
- /rest/api/2/project
- /rest/api/2/project/<project-key>
Automatic Ticket Creation
MergeBase now supports automatic ticket creation for issue trackers. By enabling the automatic ticket creation option, tickets will be generated whenever any of the following conditions are met:
- Scan: Whenever a security scan is performed, MergeBase will automatically create a ticket if any vulnerabilities are detected. This ensures that new vulnerabilities are immediately logged and tracked in your workflow.
- Vulnerability Feed Update: When the vulnerability feed is updated, MergeBase will review the changes and create tickets for any new vulnerabilities that affect your projects. This keeps your team informed of new risks as soon as they are identified.
- Risk Level Update by the User: If a user manually updates the risk level for vulnerabilities, MergeBase will generate a ticket to reflect this change. This allows your team to prioritize and address vulnerabilities based on the latest risk assessments.
This feature ensures that critical issues are promptly tracked and addressed in your workflow, enhancing your overall security management and response efficiency. Additionally, it supports notifications for changes in both warning-level and critical-level issues.
Syslog / IBM QRadar Integration
To configure Syslog integration, enter the Syslog server host name and select the connection type. There are three connection types, SSL, UDP, and TCP. SSL is recommended unless you are running MergeBase on a server in a secure network.
If you are using QRadar, change the message format to LEEF.
Use the Test Connection button to test your connection and send sample messages.