This document will detail the automation you need to build to have resolved vulnerabilities close an associated Jira issues automatically.
These automation steps are performed in Jira, and as such, there is a possibility Atlassian may make changes, rendering this document outdated. This is outside of Snyk's control. However, this document will be reviewed periodically to ensure it is as accurate as possible.
This guide assumes you are utilizing Snyk Security in Jira Cloud Integration. Please configure this first before proceeding.
To Close a Jira issue automatically when a Vulnerability has been resolved
In Jira on your Project, go into Project Settings and then Automation
Click on the Create Rule button.
Click on Scheduled and then Scheduled
Setting a schedule of every 6 hours should be more than sufficiant to catch when your projects are retested (You can choose to run it more frequently if you wish).
Select the checkbox that says Run a JQL search and enter status
!= Done AND vulnerability[status] = CLOSED
in the field. Then hit next.
Optional Step. Hit the add the THEN: Add an action component, select Issue actions and select Comment on issue
and add your comment that you wish to be added to the issue. If you dont wish to add a comment then move on to the next step.
Lastly, add a new component, again choose THEN: Add an action. Click on Issue actions again, this time choose Transition issue.
Set the Destination status to Done or another status depending on your workflow.
Optionally set any other fields here that you wish then click Next.
That's it, you finished setting it up. Now you can click on Turn on rule, give it a name, and then hit the Turn on rule button again, and that's it.
Now, as per your schedule, Jira will look search for any issues that are not closed but where the vulnerability is closed and will close the Jira issue.