Book Your Free Consultation
How Mature Is Your DevSecOps?
Begin Your Assessment

Cyrus User Guide

Book Your Free Consultation

Introducing Cyrus for Jira — comprehensive security guidance, right where your team works

Cyrus embeds the OWASP ASVS into every user-story discussion, automatically surfacing the controls you may have overlooked and letting you push them straight into the ticket. Here’s a soup-to-nuts walkthrough so anyone on your team can be up and running in minutes—completely table-free.

1. Install Cyrus from the Atlassian Marketplace

  1. In Jira’s top navigation bar, choose Apps → Explore more apps (you’ll need Jira Administrator rights for this step).
  2. In the Marketplace search box, type “Cyrus”.
  3. Click Cyrus in the results list, then hit Install.
  4. Follow Atlassian’s prompts until you see “Cyrus successfully installed.”
    You only have to install Cyrus once per Jira site.

2. Add your workspace API key

  1. Inside the Jira project where you plan to use Cyrus, open App settings.
  2. In the sidebar, click Cyrus —a new item added during installation.
  3. Paste the API key you received when you registered with Cyrus.
  4. Click Save.
    Your project is now linked to the Cyrus analysis engine.

3. Run your first analysis—no code required

  1. Open any user story (issue type Story or Task).
  2. In the right-hand issue glance, click Analyze with Cyrus.
  3. Wait a few seconds while Cyrus reads the summary, description, acceptance criteria, and technical notes.
  4. A Security Requirements panel appears, listing every ASVS control that applies but isn’t yet addressed.

4. Review & select requirements

  • Each control appears as a checkbox prefixed with its ASVS clause (e.g., V2.1 — Verify all authentication controls are enforced server-side).
  • Hover to see a concise rationale or click the info icon for the full ASVS text.
  • Check the items you agree should be implemented for this story.

5. Push the requirements into the conversation

  1. Scroll to the bottom of the list and click Comment selected to issue.
  2. Cyrus posts a single Jira comment that enumerates every checked requirement—perfect for developers, testers, and reviewers to track.
  3. Because they land in a normal comment thread, teammates can reply, edit, or convert them into subtasks as needed.

6. Iterate with confidence

Whenever the story changes—new scope, updated acceptance criteria—just hit Analyze again. Cyrus refreshes the checklist so security stays in lock-step with agile refinement.

Why teams love Cyrus

  • ASVS-backed – Mapping to an industry standard removes guesswork and audit anxiety.
  • Friction-free – One click surfaces a curated checklist right inside the issue.
  • Actionable – Checkboxes + “Comment” turns guidance into documented commitments.
  • Early & Continuous – Catch gaps before code is written and re-evaluate after every tweak.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. We won't track your information when you visit our site. But in order to comply with your preferences, we'll have to use just one tiny cookie so that you're not asked to make this choice again. Privacy Policy