In our team we track Github Dependabot vulnerabilities in our code bases by using Jira Automations to create and maintain a list of tickets related to those vulnerabilities. To do this we use the "link vulnerability to issue" action.

However we have a use case that this action cannot currently support.

We would like to collate multiple security vulnerabilities into a single ticket. This way, if hypothetically there are many high severity vulnerabilities in a given repository, we would only have 1 Jira ticket to track the work for resolving them all.

I have written a Jira automation that, if a new vulnerability is detected, the automation does a search to find the existing issue that is tracking security alerts on a given repository. Then the issue is found and the vulnerability is linked.

However, what I am describing is impossible to accomplish because the "link vulnerability to issue" action cannot take smart values as a parameter (see "link vulnerability to issue in https://support.atlassian.com/cloud-automation/docs/jira-automation-actions/\). This means that the existing issue which is searched for in a previous automation step cannot be used.

This is very important to our workflow because "high" level security alerts tend to be quite common and we do not want to pollute our Jira backlog with many related Jira tickets.