risk-to-jira-transformer

Risk-to-Jira Transformer

Converts unstructured risk assessments into structured engineering tickets. Turns "Risk Management" into "Task Management."

Quick Commands

Transform a risk assessment:

node scripts/transform-risk.js "Vulnerability in authentication service discovered during pen test. High likelihood, critical impact. Mitigation: Implement OAuth2 with PKCE." SEC

Transform with custom project:

node scripts/transform-risk.js "<risk description>" INFRA

Input Format

Accepts natural language risk descriptions. Automatically extracts:

• Risk Description - What is the risk?
• Likelihood - How likely is it to occur? (Low/Medium/High/Critical)
• Impact - What is the impact? (Low/Medium/High/Critical)
• Mitigation - How to address it?
• Affected Systems - Which systems are impacted?

Output Format

Generates JSON formatted for Jira API:

{
  "fields": {
    "project": { "key": "SEC" },
    "summary": "Implement OAuth2 with PKCE for authentication service",
    "description": "...",
    "issuetype": { "name": "Security Task" },
    "priority": { "name": "Critical" },
    "labels": ["security", "authentication", "risk-mitigation"],
    "customfield_10001": "High",  // Likelihood
    "customfield_10002": "Critical",  // Impact
    "customfield_10003": "Implement OAuth2 with PKCE"  // Mitigation
  }
}

Jira Fields Generated

• Summary - Concise risk title
• Description - Full risk assessment with context
• Priority - Based on Likelihood × Impact matrix
• Labels - Auto-tagged with relevant categories
• Issue Type - Security Task, Bug, Story, etc.
• Definition of Done - Clear acceptance criteria
• Custom Fields - Likelihood, Impact, Mitigation (if configured)

Risk Scoring

Automatically calculates risk score:

• Critical - High/Critical Likelihood × High/Critical Impact
• High - Medium Likelihood × High Impact, or High Likelihood × Medium Impact
• Medium - Other combinations
• Low - Low Likelihood × Low Impact

Example Inputs

• "SQL injection vulnerability found in user input validation. High likelihood of exploitation, critical impact on data integrity. Mitigation: Implement parameterized queries and input sanitization."
• "Missing encryption on database backups. Medium likelihood of data breach, high impact. Mitigation: Enable encryption at rest for all backup storage."
• "Unauthorized access possible due to weak password policy. High likelihood, medium impact. Mitigation: Enforce strong password requirements and MFA."

Prerequisites

• Risk description (natural language)
• Optional: Jira project key (defaults to SEC)
• Optional: Jira API credentials (for direct posting)