Notify results

JIRA

6min

﻿
Get your TruffleHog results sent to Jira. 
The Jira notifier will create a new Jira issue for each found secret. The issue’s summary (title) will include the secret type and source type, and the issue’s reporter will be the user configured to authenticate to Jira. The issue will be created with no assignee.
The value configured as the notifier’s issueDescription will be prepended to a text block that contains the secret type and source type, whether the secret was verified, and additional secret metadata.
Here is a screenshot of a created Jira issue with TruffleHog-generated and user-configured values highlighted:
﻿
Example generated Jira Issue
﻿
You can optionally configure custom fields for Jira issues if your Jira instance has special fields you want to populate. Available “type"s for CustomField are STRING, NUMBER, and SINGLE_SELECT.
You cannot set the Summary, Description, or Reporter fields as custom fields, as they are automatically set by TruffleHog itself. Attempting to do so will cause errors in the scanner.
TruffleHog will never modify issues in any way after they have been created. In particular, it will not close or update them when it detects that the associated secret has been rotated.
The Jira notifier supports either basic authentication or token-based authentication. If possible, please use token-based authentication as it is the authentication method recommended by Atlassian.
Configuration
﻿
Local configuration
Token-based auth
Basic auth
notifiers:
- connection:
    '@type': type.googleapis.com/notifiers.JIRA
    customField:
    - name: CustomField1
      type: STRING
      value: string field value
    - name: CustomField2
      type: NUMBER
      value: "42"
    - name: CustomField1
      type: SINGLE_SELECT
      value: single select field value
    endpoint: https://trufflesec.atlassian.net
    issueDescription: Found a secret
    issueType: Bug
    projectKey: SECRETS
    token: PAT
  name: create jira tickets
  type: NOTIFIER_TYPE_JIRA
notifiers:
- connection:
    '@type': type.googleapis.com/notifiers.JIRA
    customField:
    - name: CustomField1
      type: STRING
      value: string field value
    - name: CustomField2
      type: NUMBER
      value: "42"
    - name: CustomField1
      type: SINGLE_SELECT
      value: single select field value
    endpoint: https://trufflesec.atlassian.net
    issueDescription: Found a secret
    issueType: Bug
    projectKey: SECRETS
    token: PAT
  name: create jira tickets
  type: NOTIFIER_TYPE_JIRA
﻿
Options
Key
Description
Required
endpoint
The endpoint of your Jira installation, on-prem or cloud.
Yes
projectKey
The project key to file issues into
Yes
issueType
The type of issue to file (Bug or Task are common types to use)
Yes
issueDescription
A description that shows up before the finding informtation
No
customField
An array of custom fields to include when creating the issue. See the example above.
No
Capabilities
Feature
Supported
File tickets for findings
✅
Auto-close remediated findings (available as closed beta)
❕
Set the leaker as the assignee 
❌
Assign labels to issues
❌
﻿

Key	Description	Required
endpoint	The endpoint of your Jira installation, on-prem or cloud.	Yes
projectKey	The project key to file issues into	Yes
issueType	The type of issue to file (Bug or Task are common types to use)	Yes
issueDescription	A description that shows up before the finding informtation	No
customField	An array of custom fields to include when creating the issue. See the example above.	No

Feature	Supported
File tickets for findings	✅
Auto-close remediated findings (available as closed beta)	❕
Set the leaker as the assignee	❌
Assign labels to issues	❌

Updated 09 Oct 2024

Did this page help you?

Splunk