Detailed Jira Tickets

[Geelofhar]

Hi everyone,

i added a connection to jira, now i'd like to add the cvssV3BaseScore or the vector to my ticket.

Through looking at the template i guessed it could be subject.vulnerability.cvssV3BaseScore, which doesn't work. Is there a doc for this or could anyone provide a solution?

[Geelofhar]

this is my current template

{
    "fields": {
       "project": {
          "key": "{{ jiraProjectKey }}"
       },
       "issuetype": {
          "name": "{{ jiraTicketType }}"
       },
       "summary": " [{{ notification.group | escape(strategy="json") }}] {% if notification.group == "NEW_VULNERABILITY" %} New {{ subject.vulnerability.severity | lower }} vulnerability identified: {{ subject.vulnerability.vulnId }}
         {% elseif notification.group == "NEW_VULNERABLE_DEPENDENCY" %}
         Vulnerable dependency introduced on project {{ subject.component.project.name | escape(strategy="json") }}
         {% else %}
         [{{ notification.title | escape(strategy="json") }}]
         {% endif %}",
       {% if notification.group == "NEW_VULNERABILITY" %}
       "description": "A new vulnerability has been identified on your project(s).{{subject.vulnerability.cvssV3BaseScore}} \n\\\\\n\\\\\n*Vulnerability description*\n{code:none|bgColor=white|borderStyle=none}{{ subject.vulnerability.description | escape(strategy="json") }}{code}\n\n*VulnID*\n{{ subject.vulnerability.vulnId }}\n\n*Severity*\n{{ subject.vulnerability.severity | lower | capitalize }}\n\n*Component*\n[{{ subject.component | escape(strategy="json") }}|{{ baseUrl }}/components/{{ subject.component.uuid }}]\n\n*Affected project(s)*\n
       {% for project in subject.affectedProjects %}
       - [{{ project.name | escape(strategy="json") }} ({{ project.version | escape(strategy="json") }})|{{ baseUrl }}/projects/{{ project.uuid }}]\n 
       {% endfor %}", 
       "priority": {
         "name": "{% if subject.vulnerability.severity == 'CRITICAL' %}Highest{% elseif subject.vulnerability.severity == 'HIGH' %}High{% elseif subject.vulnerability.severity == 'MEDIUM' %}Medium{% else %}Low{% endif %}"},
       {% elseif notification.group == "NEW_VULNERABLE_DEPENDENCY" %}
       "description": "A component which contains one or more vulnerabilities has been added to your project.\n\\\\\n\\\\\n*Project*\n[{{ subject.component.project | escape(strategy="json") }}|{{ baseUrl }}/projects/{{ subject.component.project.uuid }}]\n\n*Component*\n[{{ subject.component | escape(strategy="json") }}|{{ baseUrl }}/components/{{ subject.component.uuid }}]\n\n*Vulnerabilities*\n{% for vulnerability in subject.vulnerabilities %}- {{ vulnerability.vulnId }} ({{ vulnerability.severity | lower | capitalize }})\n{% endfor %}"
       {% else %}
       "description": "{{ notification.content | escape(strategy="json") }}\n\\\\\n\\\\\n*Level*\n{{ notification.level }}\n\n"
       {% endif %}
   }
}

[Geelofhar]

The funny thing is if I use subject.vulnerability.cvssV3BaseScore in the summary field, it works. If used in description, i get a 400 back

[Geelofhar]

`

{
"fields": {
"project": {
"key": "{{ jiraProjectKey }}"
},
"issuetype": {
"name": "{{ jiraTicketType }}"
},
"summary": "[{{ notification.group | escape(strategy="json") }}] {% if notification.group == "NEW_VULNERABILITY" %} New {{ subject.vulnerability.severity | lower }} vulnerability identified: {{ subject.vulnerability.vulnId }}{% elseif notification.group == "NEW_VULNERABLE_DEPENDENCY" %}Vulnerable dependency introduced on project {{ subject.component.project.name | escape(strategy="json") }}{% else %}{{ notification.title | escape(strategy="json") }}{% endif %}",
{% if notification.group == "NEW_VULNERABILITY" %}
"description": "A new vulnerability has been identified on your project(s).\n\\\n\\\nVulnerability description\n{code:none|bgColor=white|borderStyle=none}{{ subject.vulnerability.description | escape(strategy="json") }}{code}\n\nVulnID\n{{ subject.vulnerability.vulnId }}\n\nSeverity\n{{ subject.vulnerability.severity | lower | capitalize }}\n\nComponent\n[{{ subject.component | escape(strategy="json") }}|{{ baseUrl }}/components/{{ subject.component.uuid }}]\n\nAffected project(s)\n{% for project in subject.affectedProjects %}- [{{ project.name | escape(strategy="json") }} ({{ project.version | escape(strategy="json") }})|{{ baseUrl }}/projects/{{ project.uuid }}]\n{% endfor %}","priority": {
"name": "{% if subject.vulnerability.severity == 'CRITICAL' %}Highest{% elseif subject.vulnerability.severity == 'HIGH' %}High{% elseif subject.vulnerability.severity == 'MEDIUM' %}Medium{% else %}Low{% endif %}"
}, "customfield_10233": {{ subject.vulnerability.cvssV3BaseScore}}, "customfield_10265": "{{ subject.vulnerability.cvssV3Vector}}"
{% elseif notification.group == "NEW_VULNERABLE_DEPENDENCY" %}
"description": "A component which contains one or more vulnerabilities has been added to your project.\n\\\n\\\nProject\n[{{ subject.component.project | escape(strategy="json") }}|{{ baseUrl }}/projects/{{ subject.component.project.uuid }}]\n\nComponent\n[{{ subject.component | escape(strategy="json") }}|{{ baseUrl }}/components/{{ subject.component.uuid }}]\n\nVulnerabilities\n{% for vulnerability in subject.vulnerabilities %}- {{ vulnerability.vulnId }} ({{ vulnerability.severity | lower | capitalize }})\n{% endfor %}"
{% else %}
"description": "{{ notification.content | escape(strategy="json") }}\n\\\n\\\nLevel\n{{ notification.level }}\n\n"
{% endif %}
}
}`