# Jira Cloud

{% hint style="success" %}
To set up the SonarQube Server integration with Jira Cloud, see [jira-cloud](https://docs.sonarsource.com/sonarqube-server/instance-administration/integrations/jira-cloud "mention").
{% endhint %}

### Key features <a href="#key-features" id="key-features"></a>

The Jira Cloud integration allows SonarQube Server users to push issues into Jira Cloud and thus create the corresponding Jira work item with the work type they selected.

{% hint style="info" %}

* It's not possible to push a SonarQube issue to an existing Jira work item.
* A user cannot push the same issue to multiple Jira work items.
  {% endhint %}

A Jira work item includes the following information for each connected issue:

* Title of the connected SonarQube issue.
* SonarQube issue link.
* Location of the issues.
* File path.
* Code lines.
* Commit hash.
* Date the issue was introduced.
* Information about why this is an issue and how to fix it with the rule name and link.
* Impact on software quality and severity.

The reporter for the Jira work item is the SonarQube Server instance administrator who connected the SonarQube instance to Jira Cloud (see [#organization-level-integration](#organization-level-integration "mention") below).

### Solution overview <a href="#solution-overview" id="solution-overview"></a>

An OAuth integration app that you have to create in the Atlassian developer console is used to manage the integration between SonarQube Server and Jira Cloud. SonarQube Server will access Jira Cloud through this app.

The connection between SonarQube Server and Jira Cloud occurs at the following levels:

* **Instance**: Your SonarQube Server instance is connected to your Jira Cloud instance.
* **Project**: A SonarQube Server project is connected to a Jira Cloud space.
* **Issues**: When a user pushes an issue to Jira, the app creates the corresponding work item in the connected Jira Cloud space and both are connected.

<figure><img src="broken-reference" alt="The Jira Cloud integration occurs at three levels: instance, project, and issues. The SonarQube app for Jira Cloud acts on behalf of the account used to set up the instance connection."><figcaption></figcaption></figure>

#### **Instance-level integration** <a href="#organization-level" id="organization-level"></a>

The SonarQube Server instance administrator connects their SonarQube instance to their Jira Cloud instance by authenticating to the instance using their Atlassian account. This step results in the installation of the SonarQube Server app for Jira Cloud in the instance.\
The connection is based on the Atlassian account of the SonarQube Server instance administrator:

* This account becomes the default reporter of the Jira work items that will be created on pushing SonarQube issues.
* This account is used to grant the SonarQube Server instance access to the Jira Cloud instance through the app.

#### **Project-level integration** <a href="#project-level" id="project-level"></a>

Once your SonarQube Server instance has been connected to your Jira Cloud instance, a user with the corresponding permission within your organization can connect their project to a Jira Cloud space within the instance. The connection is done through the SonarQube Server app for Jira Cloud.

The connection setup defines the list of Jira work types users will be able to choose from when pushing issues to Jira.

{% hint style="info" %}
SonarQube Server doesn’t support all Jira work types. For more information, see [Broken link](https://docs.sonarsource.com/sonarqube-server/discovering/integrations/broken-reference "mention").
{% endhint %}

### Security <a href="#security" id="security"></a>

The SonarQube Server app for Jira Cloud is a [OAuth 2.0 3LO App](https://developer.atlassian.com/cloud/confluence/oauth-2-3lo-apps/) and thus, allows secure authentication via a standard 3LO flow.

If the app is not used for more than three months, its access authorization will expire. In that case, the SonarQube Server instance administrator must reauthorize the Jira Cloud connection through their Atlassian account. Note that the access authorization of the app can be manually removed from the organization admin's Atlassian account.

{% hint style="warning" %}
All Jira operations performed in SonarQube Server are performed on behalf of the SonarQube instance administrator's Atlassian account. When users connect a project or push issues, they might see Jira spaces and create Jira work items in spaces where they lack permissions in Jira Cloud. To mitigate this security concern, only SonarQube instance administrators are allowed to connect SonarQube Server projects to Jira by default.
{% endhint %}

### Related pages <a href="#related-pages" id="related-pages"></a>

* [jira-cloud](https://docs.sonarsource.com/sonarqube-server/instance-administration/integrations/jira-cloud "mention")
* [jira-cloud](https://docs.sonarsource.com/sonarqube-server/project-administration/integrations/jira-cloud "mention")
* [managing-jira-work-items](https://docs.sonarsource.com/sonarqube-server/user-guide/issues/managing-jira-work-items "mention")