reload / github-security-jira

Github Action for integrating Security Alerts with JIRA
MIT License
53 stars 32 forks

Priority field not set #383

Closed JimmyAlkhouri closed 5 months ago

JimmyAlkhouri commented 5 months ago

I'm getting a priority field not set error:

In JiraSecurityIssue.php line 217:

[RuntimeException]
Could not create issue: CURL HTTP Request Failed: Status Code : 400, URL:https://companyname.atlassian.net/rest/api/2/issue
Error Message : {"errorMessages":[],"errors":{"priority":" Specify the Priority (name) in the string format"}}

Exception trace:
at /opt/ghsec-jira/vendor/reload/jira-security-issue/src/JiraSecurityIssue.php:217
Reload\JiraSecurityIssue->ensure() at /opt/ghsec-jira/src/SyncCommand.php:100
GitHubSecurityJira\SyncCommand->execute() at /opt/ghsec-jira/vendor/symfony/console/Command/Command.php:298
Symfony\Component\Console\Command\Command->run() at /opt/ghsec-jira/vendor/symfony/console/Application.php:1040
Symfony\Component\Console\Application->doRunCommand() at /opt/ghsec-jira/vendor/symfony/console/Application.php:301
Symfony\Component\Console\Application->doRun() at /opt/ghsec-jira/vendor/symfony/console/Application.php:171
Symfony\Component\Console\Application->run() at /opt/ghsec-jira/bin/ghsec-jira:18

Here is my configuration:

I'm wondering if others are experiencing the same issue or the last bot update caused it by any chance?

Thanks!

arnested commented 5 months ago

Hi @JimmyAlkhouri

We added explicit support for priorities recently: https://github.com/reload/jira-security-issue/pull/67.

The code now defaults to the “Undecided” priority instead of letting Jira assign a priority itself.

Do you have an “Undecided” priority in your project? Maybe our assumption that such priority always exists is wrong.

If you don't have an “Undecided” priority, you can specify another priority with the JIRA_PRIORITY environment variable in the configuration.

JimmyAlkhouri commented 5 months ago

Hi @arnested,

Thank you for the prompt reply! We default our JIRAs to priority "High". We don't use "Undecided." I think letting Jira assign priority might be more appropriate.

arnested commented 5 months ago

Our problem was Jira changed the way it assigned the priority.

It used to give me issues "Undecided" but then suddenly changed to "Minor".

We are alerted of security issues with priority Undecided and then assign a priority ourselves when we have looked into the issue.

Jira's sudden change resulted in us missing out on new security issues for about a week before we discovered the problem.

JimmyAlkhouri commented 5 months ago

Was the change in on-premise vs Jira cloud offering? Or the API v2 vs v3? My understanding is v3 is still in beta.

JimmyAlkhouri commented 5 months ago

Hi @arnested,

Is it possible to use a version before the recent change was made? We are currently using 1.x.

Thanks!

arnested commented 5 months ago

I think using reload/github-security-jira@4c4e2b39b6ea669c417ee42947e07e92a057a9fc should give you the last version before the priority change.

For your info, I intend to go back to not setting a priority (but keep the option to set one using the environment). But I/we are quite busy currently, so I can't promise when we'll get around to it.

arnested commented 5 months ago

Hi @JimmyAlkhouri, I believe we have resolved the issue now.

We only set a priority if a JIRA_PRIORITY variable is explicitly set.

JimmyAlkhouri commented 5 months ago

Hi @arnested, Thank you for addressing it. I appreciate your help!
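
The two failure modes discussed in this thread (a configured priority name the Jira instance may not have, and security issues landing outside the priority a team alerts on) can be checked before and after a sync. The following is an added example, not part of the thread and not the project's own code; the function names, parameters and sample data are hypothetical, and only `JIRA_PRIORITY` and the `/rest/api/2/` base path come from the page.

```python
import json

# Constructed sample of a GET /rest/api/2/priority response body.
SAMPLE_PRIORITIES = json.dumps([
    {"id": "1", "name": "Highest"},
    {"id": "2", "name": "High"},
    {"id": "4", "name": "Minor"},
])

# Constructed sample of issues a sync created: (key, priority name or None).
SAMPLE_CREATED = [("SEC-1", "Undecided"), ("SEC-2", "Minor"), ("SEC-3", None)]


def priority_names(priority_response):
    """Return the set of priority names in a /rest/api/2/priority JSON body."""
    return {p["name"] for p in json.loads(priority_response) if "name" in p}


def build_issue_fields(project_key, issue_type, summary, env, available):
    """Build create-issue fields, adding priority only if JIRA_PRIORITY is set.

    project_key, issue_type and summary are hypothetical parameters.
    Raises ValueError before any request is sent when the configured name is
    not one Jira lists, instead of finding out from a failed create call.
    """
    fields = {
        "project": {"key": project_key},
        "issuetype": {"name": issue_type},
        "summary": summary,
    }
    wanted = (env.get("JIRA_PRIORITY") or "").strip()
    if not wanted:
        return fields  # unset or empty: Jira assigns its own default
    if wanted not in available:
        raise ValueError(
            "JIRA_PRIORITY=%r not in Jira priorities %s" % (wanted, sorted(available))
        )
    fields["priority"] = {"name": wanted}
    return fields


def outside_triage_filter(created, watched_priority):
    """Return keys of created issues an alert on watched_priority would miss."""
    return [key for key, prio in created if prio != watched_priority]
```

Running `outside_triage_filter` over recently created issues on a schedule surfaces a silent change in Jira's default priority within one run rather than after a week of missed alerts.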