Importing Data
FYI
This documentation is very much aimed at technical folk. If you need support as a non technical user, or want a custom migration, please email support@capablekoala.co.
Overview
Capable Risk fully supports importing data to be used within the plugin.
The Risk Rating field is the only field which should be imported to, all others will be updated automatically and as supported.
Risk Rating is imported as a JSON object and upon import will be automatically validated by the app (any errors will be visible in the relevant issue).
Importing via CSV
In general, we recommend importing via CSV since it’s well supported via Jiraand can be used both for importing new issues and updating existing ones.
The remainder of this documentation will focus on importing via CSV.
Risk type specifics
The Risk Rating field is a JSON object and must be formatted as such. In CSV that does require escaping the string with double quotes (or another valid escape sequence).
Risk Matrix
Example JSON:
{
"type": "rm",
"inputs": {
"initial_impact": 2,
"initial_likelihood": 4,
"residual_impact": 2,
"residual_likelihood": 3
}
}
Key points:
- The
typefield must be"rm". - The
inputsfield must be present and must be a JSON object with at least the twoinitial_fields. - the
residual_fields are optional and will blank if not provided.
CVSS
Example JSON:
{
"type": "cvss",
"inputs": {
"attack_vector": "NETWORK",
"access_complexity": "MEDIUM",
"authentication": "SINGLE",
"confidentiality": "COMPLETE",
"integrity": "PARTIAL",
"availability": "PARTIAL"
}
}
Key points:
- The
typefield must be"cvss". - The
inputsfield must be present and must be a JSON object with all fields present.
Validating before import
We have a JSON schema which can be used to validate your imports are valid before attempting to import them to Jira.
For example, in python, you may have the following:
from jsonschema import validate, ValidationError
# Load the provided schema
schema_path = '/mnt/data/input-schema.json'
with open(schema_path, 'r') as schema_file:
schema = json.load(schema_file)
# Validate each JSON entry in the "Risk Mapping" column
def validate_json(risk_rating_import, schema):
try:
data = json.loads(risk_rating_import)
validate(instance=data, schema=schema)
return True
except (ValidationError, json.JSONDecodeError):
return False
Updating existing issues
In order to update existing issues, you will need to provide the issueKey, summary and riskRating fields. The riskRating field must be formatted as described above. The summary should match the existing issue summary.
To import in to Jira:
- Visit “System” > “External system import”
- Click “Switch to the old experience”
- Follow the process to import the CSV file, mapping the 3 fields to the relevant Jira fields.
Example CSV files
For importing new issues with a CVSS, you might have the following CSV:
Summary,Description,Risk Rating
Test Valid CVSS,Test Import,"{""type"":""cvss"",""inputs"":{""attack_vector"":""NETWORK"",""access_complexity"":""MEDIUM"",""authentication"":""SINGLE"",""confidentiality"":""COMPLETE"",""integrity"":""PARTIAL"",""availability"":""PARTIAL""},""outputs_cvss"":{""score"":7.5,""vector"":""AV:N AC:M Au:S C:C I:P A:P""},""outputs"":{""needs_mitigation"":true,""has_mitigation"":true,""initial"":""CVSS 7.5"",""residual"":""N/A"",""summary"":""CVSS 7.5, Mitigation Required"",""mitigation_count"":1}}"
Or, for importing new issues with a Risk Matrix, you might have the following CSV:
Summary,Description,Risk Rating
Test Valid Risk Matrix,Test Import,"{""type"":""rm"",""inputs"":{""initial_impact"":2,""initial_likelihood"":4,""residual_impact"":2,""residual_likelihood"":3}}"