
Importing findings from Security Scorecard to Jira using Postman Runner

John Wheeler
Nov 5, 2020

As a security professional, I receive lots of information to help me understand our security posture and attack surface. One piece of information I use is from the company Security Scorecard. Topcoder uses the security ratings product as one of many information sources to provide visibility of risks.

Typically I would receive a bi-monthly report of findings in both PDF and CSV formats. I’d spend time pulling this data into Google Sheets, sorting and pivoting the data, and trying to cross-reference against past findings or other findings in Jira. This process grew tedious for a number of reasons. First, findings would open and close weekly. This was due to the ephemeral nature of our cloud infrastructure: Security Scorecard viewed the finding on the old IP address as closed and the new IP address as a new unique finding. Second, I’d have to reconcile the spreadsheet data against other findings that were currently being managed in Jira. I quickly found that this didn’t scale, and I decided to automate the import process into Jira and abandoned the spreadsheets.

Using Jira Import

I looked at the out-of-the-box import process that Jira provided, but that process expects new issues on import. Though Security Scorecard would have some new findings, several only updated the…
