JIRA authentication not possible #632
Comments
|
It's up to you whether to use it or not, but we use Jira handler in the 1.10.0-rc release and they seem to work well against the cloud API. The code for the handler if you'd like to review it is on the v1.10.0 branch here. I was aware that a long/random API key is required instead of a users' passwords as of a little while ago, but not that the basic auth mechanism was deprecated. Could you link some details of the deprecation? I'm not seeing anything in the docs (last updated Aug 31, 2022) but we'll fix it if this isn't a forwards-compatible way of authenticating. |
|
Hi, unfortunately, I don't have the exact log anymore because I have deleted the database. But I was using the Docker image with the latest tag which appears to be a much older version than the one you mentioned. Using the v.1.10.0-rc it works now. However, I'm still concerned about the maintenance of this tools, especially with regards to CVE. Of course it's up to me if I'm using it or not but since Snowalert is mentioned in the official Snowflake docs I'd like to have some feedback from the Snowflake side if it's secure to use the tool or not. |
|
Can you link the CVE you're referring to? Yes, this is a secure tool to use, and included in our bug bounty if you have an exploit you'd like to report for a cash pay-out: https://hackerone.com/139c0e4f-5b34-470a-b81e-aa8740c3e66e/embedded_submissions/new |
Hi there!
I have installed SnowAlert and tried to have the JIRA integration that comes with it and have set up all the necessary environment variables in the environment file to establish a connection.
Unfortunately, it is not working. When I'm starting up SnowAlert it seems to request a Jira API endpoint but I'm always getting a 401 response code back meaning I'm not authorized.
My env variables are defined as follows:
SA_JIRA_URL=https://XXX.atlassian.net
SA_JIRA_PROJECT=XYZ
SA_JIRA_USER=[email protected]
SA_JIRA_API_TOKEN=TOKEN
I have made sure that these credentials are working with endpoint being requested and I'm getting a 200 response back.
So do you have any clue what's the issue here?
In general: Should this tool used be anyway since I don't see really any activity here in the repository?
Thanks!
edit//
so the issue is that the implementation of the jira handler seems to be using Basic auth which is already deprecated which much more raises to question if this tool should be used.
The text was updated successfully, but these errors were encountered: