Jira

enterprise feature this feature is only available with trufflehog enterprise contact us to learn more get your trufflehog results sent to jira the jira notifier will create a new jira issue for each found secret the issue’s summary (title) will include the secret type and source type, and the issue’s reporter will be the user configured to authenticate to jira the issue will be created with no assignee the value configured as the notifier’s issuedescription will be prepended to a text block that contains the secret type and source type, whether the secret was verified, and additional secret metadata you cannot set the summary , description , or reporter fields as custom fields, as they are automatically set by trufflehog itself attempting to do so will cause errors in the scanner by default, trufflehog will not modify issues in any way after they have been created the jira notifier does have an opt in, closed beta feature to automatically close jira issues when it detects that a secret has been rotated presently, this feature is only accessible via on prem configs to request access to this feature, please reach out to our team with a support ticket the jira notifier supports either basic authentication or token based authentication if possible, please use token based authentication as it is the authentication method recommended by atlassian configuration web configuration you can configure this integration via the web ui through the integrations tab or you can use a local configuration file as outlined below local configuration token based auth notifiers \ connection '@type' type googleapis com/notifiers jira customfield \ name customfield1 type string value string field value \ name customfield2 type number value "42" \ name customfield1 type single select value single select field value endpoint https //trufflesec atlassian net issuedescription found a secret issuetype bug projectkey secrets token pat name create jira tickets type notifier type jira basic auth notifiers \ connection '@type' type googleapis com/notifiers jira basicauth password t0ken username svc trufflehog\@company com customfield \ name customfield1 type string value string field value \ name customfield2 type number value "42" \ name customfield1 type single select value single select field value endpoint https //trufflesec atlassian net issuedescription found a secret issuetype bug projectkey secrets name create jira tickets type notifier type jira options key description required endpoint the endpoint of your jira installation, on prem or cloud yes projectkey the project key to file issues into yes issuetype the type of issue to file (bug or task are common types to use) yes issuedescription a description that shows up before the finding information no customfield an array of custom fields to include when creating the issue see the example above no issueautoclose (closed beta feature) include this directly above remediationtransitionname, if using this feature no remediationtransitionname (closed beta feature) the state that the auto close feature will move tickets to rotated secrets to this transition name usually matches the final state name in jira no capabilities feature supported file tickets for findings ✅ auto close remediated findings (available as closed beta) ❕ set the leaker as the assignee ❌ assign labels to issues ❌ example here is a screenshot of a created jira issue with trufflehog generated and user configured values highlighted