Issue Tracker Integration
Compliance Scanner automatically creates issues in your existing issue trackers when new security findings are discovered. This integrates security into your development workflow without requiring teams to check a separate tool.
Supported Trackers
| Tracker | Configuration Variables |
|---|---|
| GitHub Issues | GITHUB_TOKEN |
| GitLab Issues | GITLAB_URL, GITLAB_TOKEN |
| Jira | JIRA_URL, JIRA_EMAIL, JIRA_API_TOKEN, JIRA_PROJECT_KEY |
How It Works
- A scan discovers new findings
- For each new finding, the agent checks if an issue already exists (by fingerprint)
- If not, it creates an issue in the configured tracker with:
- Title matching the finding title
- Description with vulnerability details, severity, and file location
- Link back to the finding in the dashboard
- The finding is updated with the external issue URL
Viewing Issues
Navigate to Issues in the sidebar to see all tracker issues across your repositories.
The issues table shows:
| Column | Description |
|---|---|
| Tracker | Badge showing GitHub, GitLab, or Jira |
| External ID | Issue number in the external system |
| Title | Issue title |
| Status | Open, Closed, or tracker-specific status |
| Created | When the issue was created |
| Link | Direct link to the issue in the external tracker |
Click the Open link to go directly to the issue in GitHub, GitLab, or Jira.
Configuration
GitHub
GITHUB_TOKEN=ghp_xxxxIssues are created in the same repository that was scanned.
GitLab
GITLAB_URL=https://gitlab.com
GITLAB_TOKEN=glpat-xxxxIssues are created in the same project that was scanned.
Jira
JIRA_URL=https://your-org.atlassian.net
JIRA_EMAIL=security-bot@example.com
JIRA_API_TOKEN=your-api-token
JIRA_PROJECT_KEY=SECAll issues are created in the specified Jira project (JIRA_PROJECT_KEY).
TIP
Use a dedicated service account for issue creation so that security findings are clearly attributed to automated scanning rather than individual team members.