carwin / snyk-auto-issues-jira

Which project (issue) types are supported? #3

Open travsten-aumni opened 1 year ago

travsten-aumni commented 1 year ago

This is a request to:

  1. Update documentation around which types of Project vulnerabilities are supported in this integration.
  2. Support any/all project types from Snyk, specifically the ones mentioned below in the bullet list.

For example, here is a list of all issue types from the Snyk API, though this list looks slightly different in the Snyk "reports/issues" tab in the UI. So not sure which one is the source of truth.

Specifically for our company, we are looking to support auto-creating Jira tickets for vulnerabilities found within the following project types:

carwin commented 1 year ago

This project was built around the Snyk Open Source product, so anything from this list should work - https://docs.snyk.io/products/snyk-open-source/language-and-package-manager-support.

It's possible the others might come through with information after a scan as well, but I haven't tested anything beyond Snyk Open Source, so your mileage may vary!

I'm pretty confident Snyk Code data won't be part of the webhook payload this integration relies upon, but in theory I think it's possible we'd see open source application vulnerability data from within container scans, though not the containers themselves.


As for the actual request portion of this issue, I call out Snyk Open Source in the opening page of the docs and I'm fairly certain it's at the top of the actual integration's config page, though I'm not in a place where I can check that at the moment.

I'll go ahead and tag this as an enhancement and see if I can find a way to make this info more visible to end-users!

travsten-aumni commented 1 year ago

@carwin Thank you so much for your speedy response. Yes, it sounds like just Snyk Open Source "project types" are supported. I feel embarrassed that I didn't notice that wiki callout! I overlooked that! I was relying and going off of this repo's README and a blog post that I believe you wrote, and wasn't able to find it there.

If it helps you, I believe a common path many people take to discover this tool might be similar to mine:

  1. Got Snyk support notification (email and Slack notification) that there is this new integration
  2. It linked to this article that you wrote https://snyk.io/blog/introducing-snyk-auto-issues-for-jira
  3. I went to the code linked at the very bottom of the blog and looked at README

carwin commented 1 year ago

No worries @travsten-aumni - I just re-read the blog and it looks like the editors may have dropped my line about Snyk Open Source, so I can definitely see how it might be missed. The README needs a little bit of TLC as well, so I'll make that one of the TODO items as well.

Thanks!