In this video tutorial, we connect Jenkins and Zed Attack Proxy (ZAP) to Atlassian Jira. This way we can use Jira as a security defect tracker without having to enter security findings manually.

Here is the tutorial in written form:

The tutorial uses Vagrant and VirtualBox and assumes the host machine is running Linux. You should be able to do this on OS X too.

# Installing the prerequisites

sudo apt-get install virtualbox vagrant virtualbox-dkms git vim ansible

# Clone git repository with virtual machine definitions here
git clone

# Starting the virtual environments (both Jira and Jenkins)
vagrant up

# To stop both of the systems (add name jira or jenkins to target only one)

vagrant halt

# Force-running provisioning again, in case of failure
vagrant up --provision jenkins

# Default IP addresses, changeable in Vagrantfile
Jira: http://localhost:8081
Jira IP:
Jenkins: http://localhost:9090

# Open connection to Jenkins machine (to get the password)
vagrant ssh jenkins
sudo cat /var/lib/jenkins/secrets/initialAdminPassword

# ZAP installation package path for custom tools plugin

# Zap directory name for custom tools plugin

# Demo application git repository (for Jenkins version control step)

# First build step

# Before the following build step, add ZAProxy plugin here.
# Then run the two following steps

kill `cat`


# To add Jira credential file to Zap workspace
vagrant ssh jenkins

# Change to Jenkins user to add Jenkins plugins and credential files
sudo su - jenkins

# Add Jira Issue Creator plugin to ZAP

cd ~/tools/com.cloudbees.jenkins.plugins.customtools.CustomTool/Zap/ZAP_2.4.3/plugins

# Put in ZAP workspace (in ~/.ZAP)
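
To make the ZAP-to-Jira hand-off concrete, here is an added example (not part of the tutorial and not the Jira Issue Creator plugin's code) that groups ZAP alerts by finding type and builds Jira REST "create issue" payloads. The project key `SEC`, the issue type `Bug`, the sample alerts and the assumption that alerts carry the `alert`, `risk`, `cweid`, `url` and `solution` fields are all illustrative.

```python
import hashlib
import json

RISK_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

# Constructed sample, shaped like alert objects in ZAP's JSON output (assumed fields).
SAMPLE_ALERTS = [
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium", "cweid": "16",
     "url": "http://demo.example/login", "solution": "Set the X-Frame-Options header."},
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium", "cweid": "16",
     "url": "http://demo.example/cart", "solution": "Set the X-Frame-Options header."},
    {"alert": "Cookie No HttpOnly Flag", "risk": "Low", "cweid": "16",
     "url": "http://demo.example/login", "solution": "Set the HttpOnly flag on cookies."},
    {"alert": "SQL Injection", "risk": "High", "cweid": "89",
     "url": "http://demo.example/search?q=1", "solution": "Use parameterized queries."},
]

def fingerprint(alert):
    """Stable label for a finding type, so a later scan can find the existing issue."""
    key = "{}|{}".format(alert["alert"], alert.get("cweid", ""))
    return "zap-" + hashlib.sha256(key.encode()).hexdigest()[:12]

def build_issues(alerts, project_key, min_risk="Medium"):
    """Return one Jira payload per finding type at or above min_risk, worst first."""
    grouped = {}
    for a in alerts:
        # Unknown risk strings rank as High so they are never silently dropped.
        if RISK_RANK.get(a.get("risk"), 3) < RISK_RANK[min_risk]:
            continue
        grouped.setdefault(fingerprint(a), []).append(a)
    ranked = []
    for fp, group in grouped.items():
        first = group[0]
        urls = sorted({a["url"] for a in group})  # one issue lists every affected URL
        payload = {"fields": {
            "project": {"key": project_key},   # hypothetical project key
            "issuetype": {"name": "Bug"},      # assumed issue type
            "summary": "[ZAP][{}] {}".format(first["risk"], first["alert"]),
            "description": "CWE-{}\nAffected URLs:\n{}\n\nSolution: {}".format(
                first.get("cweid", "?"), "\n".join(urls), first.get("solution", "")),
            "labels": ["zap", fp],
        }}
        ranked.append((RISK_RANK.get(first.get("risk"), 3), payload))
    ranked.sort(key=lambda pair: -pair[0])
    return [payload for _, payload in ranked]

if __name__ == "__main__":
    print(json.dumps(build_issues(SAMPLE_ALERTS, "SEC"), indent=2))
```

Searching Jira for the fingerprint label before creating an issue keeps repeated Jenkins builds from filing the same finding twice.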
