Connect Penaxtra to Jira Cloud or Jira Data Center so high-severity findings open issues automatically and resolved issues mark the finding as remediated.
Connect Jira
- In Penaxtra, Integrations → Jira → Connect.
- For Jira Cloud: paste the workspace URL (e.g. https://acme.atlassian.net) + an API token minted at id.atlassian.com. Use the email of the service account.
- For Jira Data Center: choose Personal Access Token and paste the PAT from the user profile.
- Pick the target project + default issue type (typically Bug or Security).
- Click Test connection. A synthetic issue is created and immediately closed; check the project history.
Mapping rules
Penaxtra creates a Jira issue when the finding matches the configured mapping rule. Default rule:
- Severity >= high AND finding is open
- Title prefix: [Penaxtra]
- Description: includes the redacted excerpt, probe id, scan id, framework references, and a link back to the finding
- Custom field: framework references stored as a labels-style multi-select
Bidirectional state sync
| Penaxtra state | Jira issue state |
|---|---|
| open | Open |
| triaged | In Progress |
| resolved | Done |
| accepted | Won't Do |
| false_positive | Cancelled |
When the Jira issue transitions to a terminal state, Penaxtra updates the finding's status via the inbound webhook.
Example issue payload
{
"summary": "[Penaxtra] Indirect prompt injection via RAG corpus",
"description": "**Severity:** high\\n**Probe:** rag_indirect_v2\\n**Frameworks:** OWASP_LLM01, MITRE_ATLAS_AML_T0051, EU_AI_ACT_Art15\\n\\n**Excerpt:**\\n> ... redacted ...\\n\\n[Open in Penaxtra](https://penaxtra.com/app/findings/fnd_2026_xxxxxx)",
"issuetype": { "name": "Bug" },
"labels": ["penaxtra","ai-security","OWASP_LLM01"],
"customfield_10031": "fnd_2026_xxxxxx"
}
Common errors
| Code | Meaning | Fix |
|---|---|---|
| 401 | Token rejected | Re-mint token; verify service-account email |
| 403 issue_create_forbidden | Service account lacks Create Issues permission on the project | Adjust permission scheme |
| 404 customfield_unknown | Configured custom field id is invalid for the project | Re-pick the field in the integration settings |
| 429 | Atlassian rate limit | Penaxtra retries with backoff; persistent issues require Atlassian Premier support |
Security notes
- The Atlassian API token is sealed-box encrypted at rest.
- Inbound webhook from Jira is verified by source-IP allowlist + a shared secret in the webhook URL.
- Issue body is rendered server-side; no Jira-supplied content is parsed as HTML in Penaxtra.
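The inbound path described above (source-IP allowlist plus a shared secret in the webhook URL, then the terminal-state mapping from the sync table) can be sketched as follows. This is an added example, not Penaxtra's own code: the `secret` query parameter name, the function names, the CIDR ranges and the secret value are assumptions constructed for illustration.

```python
import hmac
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed values: documentation ranges and a dummy secret, not real ones.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]
SHARED_SECRET = "constructed-secret-for-example"
FINDING_FIELD = "customfield_10031"  # field id from the example issue payload
# Jira state -> Penaxtra state, from the sync table. Treating exactly these
# three as the terminal states is an assumption of this example.
TERMINAL_STATES = {"Done": "resolved", "Won't Do": "accepted",
                   "Cancelled": "false_positive"}


def source_allowed(remote_ip: str) -> bool:
    """True if the peer address is inside an allowlisted network.

    Pass the TCP peer address, not a client-supplied forwarding header.
    """
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_NETS)


def secret_valid(url: str) -> bool:
    """Constant-time check of the hypothetical `secret` query parameter."""
    values = parse_qs(urlsplit(url).query).get("secret", [])
    # Require exactly one value so a duplicated parameter is rejected.
    return len(values) == 1 and hmac.compare_digest(
        values[0].encode(), SHARED_SECRET.encode())


def handle_webhook(remote_ip: str, url: str, body: dict):
    """Return (http_status, update); update is (finding_id, state) or None."""
    # Both checks must pass; the response does not reveal which one failed.
    if not (source_allowed(remote_ip) and secret_valid(url)):
        return 403, None
    fields = (body.get("issue") or {}).get("fields") or {}
    status = (fields.get("status") or {}).get("name")
    finding_id = fields.get(FINDING_FIELD)
    new_state = TERMINAL_STATES.get(status) if isinstance(status, str) else None
    if new_state is None or not isinstance(finding_id, str):
        return 200, None  # authenticated, but nothing to sync
    return 200, (finding_id, new_state)


# Constructed sample event, shaped like a Jira issue_updated webhook body.
SAMPLE_EVENT = {"issue": {"fields": {"status": {"name": "Done"},
                                     FINDING_FIELD: "fnd_2026_xxxxxx"}}}
```

Because the secret travels in the URL, any request logging in front of such a handler should record the path without the query string.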
Last reviewed: 2026-06-15. Reviewed by: Engineering. Content type: Developer documentation.