Notify results
Jira
6 min
enterprise feature this feature is only available with trufflehog enterprise https //trufflesecurity com/contact to learn more get your trufflehog results sent to https //www atlassian com/software/jira the jira notifier will create a new jira issue for each found secret the issueβs summary (title) will include the secret type and source type, and the issueβs reporter will be the user configured to authenticate to jira the issue will be created with no assignee the value configured as the notifierβs issuedescription will be prepended to a text block that contains the secret type and source type, whether the secret was verified, and additional secret metadata you cannot set the summary , description , or reporter fields as custom fields, as they are automatically set by trufflehog itself attempting to do so will cause errors in the scanner by default, trufflehog will not modify issues in any way after they have been created the jira notifier does have an opt in, closed beta feature to automatically close jira issues when it detects that a secret has been rotated presently, this feature is only accessible via on prem configs to request access to this feature, please reach out to our team with a https //trufflesecurity atlassian net/servicedesk/customer/portal/1/group/1/create/6 the jira notifier supports either basic authentication or token based authentication if possible, please use token based authentication as it is the authentication method recommended by https //confluence atlassian com/enterprise/using personal access tokens 1026032365 html configuration web configuration you can configure this integration via the web ui through the integrations tab or you can use a local configuration file as outlined below local configuration token based auth notifiers \ connection '@type' type googleapis com/notifiers jira customfield \ name customfield 10000 value "security incident" type string \ name customfield 10001 value "5" type number \ name customfield 10002 value "high priority" type single select endpoint https //trufflesec atlassian net issuedescription found a secret issuetype bug projectkey secrets token pat name create jira tickets type notifier type jira basic auth notifiers \ connection '@type' type googleapis com/notifiers jira basicauth password t0ken username svc trufflehog\@company com customfield \ name customfield 10000 value "security incident" type string \ name customfield 10001 value "5" type number \ name customfield 10002 value "high priority" type single select endpoint https //trufflesec atlassian net issuedescription found a secret issuetype bug projectkey secrets name create jira tickets type notifier type jira options 221,100,100left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type capabilities true 330,331left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type example here is a screenshot of a created jira issue with trufflehog generated and user configured values highlighted
