Jira

enterprise feature this feature is only available with trufflehog enterprise https //trufflesecurity com/contact to learn more get your trufflehog results sent to https //www atlassian com/software/jira the jira notifier will create a new jira issue for each found secret the issue’s summary (title) will include the secret type and source type, and the issue’s reporter will be the user configured to authenticate to jira the issue will be created with no assignee the value configured as the notifier’s issuedescription will be prepended to a text block that contains the secret type and source type, whether the secret was verified, and additional secret metadata you cannot set the summary , description , or reporter fields as custom fields, as they are automatically set by trufflehog itself attempting to do so will cause errors in the scanner by default, trufflehog will not modify issues in any way after they have been created the jira notifier does have an opt in, closed beta feature to automatically close jira issues when it detects that a secret has been rotated presently, this feature is only accessible via on prem configs to request access to this feature, please reach out to our team with a https //trufflesecurity atlassian net/servicedesk/customer/portal/1/group/1/create/6 the jira notifier supports either basic authentication or token based authentication if possible, please use token based authentication as it is the authentication method recommended by https //confluence atlassian com/enterprise/using personal access tokens 1026032365 html configuration web configuration you can configure this integration via the web ui through the integrations tab or you can use a local configuration file as outlined below local configuration token based auth notifiers \ connection '@type' type googleapis com/notifiers jira customfield \ name customfield 10000 value "security incident" type string \ name customfield 10001 value "5" type number \ name customfield 10002 value "high priority" type single select endpoint https //trufflesec atlassian net issuedescription found a secret issuetype bug projectkey secrets token pat name create jira tickets type notifier type jira basic auth notifiers \ connection '@type' type googleapis com/notifiers jira basicauth password t0ken username svc trufflehog\@company com customfield \ name customfield 10000 value "security incident" type string \ name customfield 10001 value "5" type number \ name customfield 10002 value "high priority" type single select endpoint https //trufflesec atlassian net issuedescription found a secret issuetype bug projectkey secrets name create jira tickets type notifier type jira options key description required endpoint the endpoint of your jira installation, on prem or cloud yes projectkey the project key to file issues into yes issuetype the type of issue to file (bug or task are common types to use) yes issuedescription a description that shows up before the finding information no customfield an array of custom fields to include when creating the issue jira requires the custom field id for the name value, see the examples above no issueautoclose (closed beta feature) include this directly above remediationtransitionname, if using this feature no remediationtransitionname (closed beta feature) the state that the auto close feature will move tickets to rotated secrets to this transition name usually matches the final state name in jira no capabilities feature supported file tickets for findings ✅ auto close remediated findings (available as closed beta) ❕ set the leaker as the assignee ❌ assign labels to issues ❌ example here is a screenshot of a created jira issue with trufflehog generated and user configured values highlighted