Using Kics with Jira and Xray

Pascal Robert
Oct 13, 2022

Kics is quite useful for finding security issues in your Terraform and Ansible code before you even try to apply it.

How about running it in your CI/CD pipeline and, if any “high”-severity findings turn up, creating test executions in Xray/Jira? Let’s do this:

This example is using Jira and Bitbucket Cloud. In short, it:

  • Adds curl and jq to the Docker image (the Kics image is based on Alpine, which doesn’t ship curl and jq by default)
  • Runs Kics, skipping low- and info-level severities, and writes the results to a file in JUnit XML format
  • Imports the XML file into Xray, which creates a test run in Jira
  • Changes the summary and description of the test run to something more descriptive

This can easily be adapted to use Jira Data Center (sadly, I don’t have access to a Data Center instance anymore), or moved to a Jenkins or GitLab pipeline.
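A pipeline script implementing those steps, added here as an example and not the author’s gist. It assumes Xray Cloud’s REST API v2 and Jira Cloud’s REST API v3, credentials in the environment variables XRAY_CLIENT_ID, XRAY_CLIENT_SECRET, JIRA_BASE_URL, JIRA_USER, JIRA_API_TOKEN and JIRA_PROJECT_KEY, and that Kics writes results.json and junit-results.xml into its output directory; it uses Python’s standard library for the HTTP and JSON work, so the curl/jq install step is not needed.

```python
# Added example, not the author's gist; API versions, env var names and report file names are assumptions.
import base64, json, os, subprocess, urllib.request
XRAY = "https://xray.cloud.getxray.app/api/v2"

def run_kics(path, out_dir="results"):
    """Scan path, skip low/info, write json+junit reports. Kics exits non-zero when it finds results."""
    return subprocess.run(["kics", "scan", "-p", path, "--exclude-severities", "low,info",
                           "--report-formats", "json,junit", "--output-path", out_dir]).returncode

def high_count(results):
    """HIGH findings in a parsed results.json: Kics' severity_counters, else count affected files."""
    counters = results.get("severity_counters") or {}
    if "HIGH" in counters:
        return int(counters["HIGH"])
    return sum(len(q.get("files", [])) for q in results.get("queries", []) if q.get("severity") == "HIGH")

def _call(url, data, headers, method="POST"):
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=60) as resp:  # Jira PUT answers 204 with no body
        return json.loads(resp.read() or b"null")

def import_junit(junit_path):
    """Authenticate to Xray and import the JUnit XML; Xray creates a Test Execution and returns its key."""
    creds = {"client_id": os.environ["XRAY_CLIENT_ID"], "client_secret": os.environ["XRAY_CLIENT_SECRET"]}
    token = _call(f"{XRAY}/authenticate", json.dumps(creds).encode(), {"Content-Type": "application/json"})
    with open(junit_path, "rb") as f:
        xml = f.read()
    url = f"{XRAY}/import/execution/junit?projectKey={os.environ['JIRA_PROJECT_KEY']}"
    return _call(url, xml, {"Content-Type": "text/xml", "Authorization": f"Bearer {token}"})["key"]

def issue_update(repo, commit, highs):
    """Jira v3 payload: a descriptive summary plus an ADF description paragraph."""
    text = f"Kics scan of {repo} at {commit}: {highs} HIGH finding(s)."
    return {"fields": {"summary": f"Kics: {repo} @ {commit[:7]}",
        "description": {"type": "doc", "version": 1, "content": [
            {"type": "paragraph", "content": [{"type": "text", "text": text}]}]}}}

def rename_execution(key, payload):
    auth = base64.b64encode(f"{os.environ['JIRA_USER']}:{os.environ['JIRA_API_TOKEN']}".encode()).decode()
    _call(f"{os.environ['JIRA_BASE_URL']}/rest/api/3/issue/{key}", json.dumps(payload).encode(),
          {"Content-Type": "application/json", "Authorization": f"Basic {auth}"}, method="PUT")

if __name__ == "__main__":
    run_kics(".")
    with open("results/results.json") as f:  # report file names as Kics writes them (assumed)
        highs = high_count(json.load(f))
    if highs:  # only HIGH findings create a test execution and fail the pipeline step
        key = import_junit("results/junit-results.xml")
        rename_execution(key, issue_update(os.environ.get("BITBUCKET_REPO_SLUG", "repo"),
                                           os.environ.get("BITBUCKET_COMMIT", "unknown"), highs))
        raise SystemExit(1)
```

BITBUCKET_REPO_SLUG and BITBUCKET_COMMIT are the variables Bitbucket Pipelines sets for the running build; on Jenkins or GitLab substitute their equivalents.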
