# Vulnerability Tickets

For each finding identified within AquilaX, you have the option to create an issue in GitHub Issues, GitLab, or JIRA (Atlassian) to manage it directly within your own environment. The setup page provides clear guidance to help you configure everything.

For documentation purposes, we will demonstrate how to set up all three integration modes. However, you are free to use one, two, or all three based on your specific needs.

## Organization Settings

First, make sure your organization has access to the tools you want to use: navigate to your organization and scroll down to the `Integrations` section, as shown below:

<figure><img src="https://53914109-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjAmSnvnfbHl4EDK56iDo%2Fuploads%2Fgit-blob-32dce5453db20c632bf30d5498be85e1ae42f5ff%2FScreenshot%202024-11-26%20at%2020.55.22.png?alt=media" alt=""><figcaption><p>Integrations</p></figcaption></figure>

If you’re just getting started, chances are you haven’t set up any of these yet. Don’t worry—let’s walk through the setup step by step for each integration.

### GitHub

Click on the GitHub option, and you will be redirected to the AquilaX GitHub authorization page.

<figure><img src="https://53914109-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjAmSnvnfbHl4EDK56iDo%2Fuploads%2Fgit-blob-3f6415c6ff9916350352a97cfeeb807d01e37f6a%2FScreenshot%202024-11-26%20at%2021.05.42.png?alt=media" alt=""><figcaption><p>Select your org</p></figcaption></figure>

Here, you can select the level of access you wish to grant. In addition to read access for scanning, make sure to enable permissions for AquilaX to create issues as well.

<figure><img src="https://53914109-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjAmSnvnfbHl4EDK56iDo%2Fuploads%2Fgit-blob-87092c6374befa883c989bf4a4dbd4bcf3d02ebd%2FScreenshot%202024-11-26%20at%2021.10.23.png?alt=media" alt=""><figcaption><p>Allow AquilaX to create and write to issues</p></figcaption></figure>

### GitLab

Setting up GitLab is straightforward. Simply generate an API token in GitLab and grant AquilaX the necessary permissions. This includes read access to your code and the ability to create GitLab issues.

<figure><img src="https://53914109-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjAmSnvnfbHl4EDK56iDo%2Fuploads%2Fgit-blob-c32e7227aff52538bf97d5f0bde71cce9a3b0448%2FScreenshot%202024-11-26%20at%2021.20.10.png?alt=media" alt=""><figcaption><p>GitLab integration</p></figcaption></figure>

### JIRA

JIRA is exclusively used for raising tickets. The setup process is straightforward: simply use your access token from Atlassian as shown below.

<figure><img src="https://53914109-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjAmSnvnfbHl4EDK56iDo%2Fuploads%2Fgit-blob-579cab28a36156b25f2a1606f9466698882411fc%2FScreenshot%202024-11-26%20at%2021.22.19.png?alt=media" alt=""><figcaption><p>JIRA Integration</p></figcaption></figure>

That's it for the organization level. This configuration is accessible to anyone within your organization.

## Group Settings

Once you’ve provided all the necessary authorizations and permissions, you can refine the setup further at the group level. This is especially useful if you need different configurations for different groups, giving you the flexibility to tailor settings as needed. Navigate to the Groups page, select the group you want to edit, and update the Security Policy section to ensure the appropriate configuration is in place.

<pre class="language-json" data-title="security policy"><code class="lang-json">{
  ...
  "jira_project_key": "<a data-footnote-ref href="#user-content-fn-1">SCRUM</a>",
  "raise_tickets": <a data-footnote-ref href="#user-content-fn-2">true</a>,
  "ticket_body": "<a data-footnote-ref href="#user-content-fn-3">Was found this {{vuln}} on this file {{file}}</a>",
  "ticket_integration": "<a data-footnote-ref href="#user-content-fn-4">GitHub, GitLab, Jira</a>",
  "ticket_title": "<a data-footnote-ref href="#user-content-fn-5">AquilaX - {{vuln}}</a>"
  ...
}
</code></pre>

The following table lists the values and data you can include in the tickets:

<table><thead><tr><th width="210">variable</th><th></th></tr></thead><tbody><tr><td>code</td><td>Line of code identified to be vulnerable</td></tr><tr><td>confidence</td><td>confidence of the vulnerability</td></tr><tr><td>cves</td><td>CVEs associated to the vulnerability</td></tr><tr><td>cvss_score</td><td>CVSS Score</td></tr><tr><td>cvss_vector</td><td>CVSS Vector</td></tr><tr><td>cwe</td><td>CWE Array</td></tr><tr><td>git_sha</td><td>Git Commit SHA</td></tr><tr><td>git_uri</td><td>Git URI</td></tr><tr><td>id</td><td>Finding ID</td></tr><tr><td>line_start</td><td>Start of the Line</td></tr><tr><td>line_end</td><td>End of the Line</td></tr><tr><td>message</td><td>Detailed message of the vulnerability</td></tr><tr><td>path</td><td>File path</td></tr><tr><td>recommendation</td><td>Recommendation for mitigation</td></tr><tr><td>rule_id</td><td>Rule ID used to identify the vulnerability</td></tr><tr><td>scanner</td><td>Scanner name used</td></tr><tr><td>severity</td><td>Severity / Criticality</td></tr><tr><td>status</td><td>True Positive / False Positive / Unverified</td></tr><tr><td>scan_id</td><td>Scan ID</td></tr></tbody></table>
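
A pre-save check for the ticket keys of the security policy, as an added example (not AquilaX code): it enforces the boolean `raise_tickets` and the case-sensitive integration names from the sample policy, and warns about `{{...}}` placeholders that the table above does not list. Assumptions: `ticket_integration` is a comma-separated string as in the sample, Jira requires `jira_project_key`, and the names `lint_policy` and `SAMPLE` are constructed for illustration.

```python
import json
import re

# Variables listed in the table on this page.
LISTED_VARS = {
    "code", "confidence", "cves", "cvss_score", "cvss_vector", "cwe",
    "git_sha", "git_uri", "id", "line_start", "line_end", "message", "path",
    "recommendation", "rule_id", "scanner", "severity", "status", "scan_id",
}
# Integration names exactly as written in the sample policy (case sensitive).
INTEGRATIONS = {"GitHub", "GitLab", "Jira"}
PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")

def lint_policy(policy: dict) -> dict:
    """Return {'errors': [...], 'warnings': [...]} for the ticket-related keys."""
    errors, warnings = [], []
    # Must be present and true; the JSON string "true" is not a boolean.
    if policy.get("raise_tickets") is not True:
        errors.append("raise_tickets must be the JSON boolean true")
    # Assumption: ticket_integration is a comma-separated list, as in the sample.
    raw = policy.get("ticket_integration", "")
    names = [n.strip() for n in raw.split(",") if n.strip()] if isinstance(raw, str) else []
    if not names:
        errors.append("ticket_integration names no integration")
    for name in names:
        if name not in INTEGRATIONS:
            errors.append(f"ticket_integration value {name!r} is not one of {sorted(INTEGRATIONS)}")
    if "Jira" in names and not policy.get("jira_project_key"):
        errors.append("jira_project_key is required when Jira is listed")
    for key in ("ticket_title", "ticket_body"):
        template = policy.get(key)
        if not isinstance(template, str) or not template.strip():
            errors.append(f"{key} is missing or empty")
            continue
        # Warning only: the sample policy itself uses names outside the table.
        for var in PLACEHOLDER.findall(template):
            if var not in LISTED_VARS:
                warnings.append("%s: {{%s}} is not in the variable table" % (key, var))
    return {"errors": errors, "warnings": warnings}

# Constructed sample: string "true", lower-case "jira", unlisted {{file}}.
SAMPLE = json.loads("""{
  "raise_tickets": "true",
  "ticket_integration": "GitHub, jira",
  "ticket_title": "AquilaX - {{severity}} - {{rule_id}}",
  "ticket_body": "{{message}} in {{path}}:{{line_start}} ({{file}})"
}""")

if __name__ == "__main__":
    print(json.dumps(lint_policy(SAMPLE), indent=2))
```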

Now save the changes and navigate to any project. For each finding, you can raise a ticket on the platform you need:

{% content-ref url="vulnerability-tickets/github-issues" %}
[github-issues](https://docs.aquilax.ai/user-manual/devtools/vulnerability-tickets/github-issues)
{% endcontent-ref %}

{% content-ref url="vulnerability-tickets/gitlab-issues" %}
[gitlab-issues](https://docs.aquilax.ai/user-manual/devtools/vulnerability-tickets/gitlab-issues)
{% endcontent-ref %}

{% content-ref url="vulnerability-tickets/jira-tickets" %}
[jira-tickets](https://docs.aquilax.ai/user-manual/devtools/vulnerability-tickets/jira-tickets)
{% endcontent-ref %}

[^1]: Must be the project name inside your Jira instance.

[^2]: This must be present and true to be able to raise tickets for projects under this group.

[^3]: This is the parametrized content of the body that will be populated into the ticket for any integration.

[^4]: Case-sensitive value indicating one or more integrations active for raising tickets.

[^5]: This is the parametrized content of the title that will be populated into the ticket for any integration.


