Skip to main content

Integrate a new Jira Cloud source

info

For now, only real-time scanning is supported to detect secrets in issues and comments. All detectors are supported, with the exception of these 2 generic detectors, in order to limit the risk of false positives:

Setting up and configuring this integration is limited to users with an Owner or Manager access level. Jira Cloud site installation is only open to workspaces under the Business plan, but uninstallation is open to all. Alternatively, you can install and test secret detection in Jira Cloud with a 30-day trial. Any secret incidents created during this period will remain accessible in your incident dashboard after the trial period.

GitGuardian integrates natively with Jira Cloud via a Jira Cloud app that you can install on your Jira Cloud sites. Note that the GitGuardian Jira Cloud app only has read access to your projects.

Setup your Jira Cloud integration

You can install GitGuardian on multiple Jira Cloud sites to monitor your projects.

  1. Make sure you're logged in the Jira Cloud site you want to install
  2. In the GitGuardian platform, navigate to the Integrations page
  3. Click on the Install button on the Jira Cloud card in the Ticketing section Jira Cloud card
  4. Click on the Install button of the Jira Cloud integration page
  5. Select the Jira Cloud site you want to add
  6. Click on the Accept button to accept the permissions requested by GitGuardian Jira Cloud permissions

That's it! Our GitGuardian app is now automatically invited on all your projects. It will now start monitoring all issues of your projects for secrets.

Setup Jira Cloud for self-hosted GitGuardian

info

We recommend using dedicated workers for Jira Cloud. For more detailed information on scaling and configuration, please visit our scaling page.

If you are using a self-hosted GitGuardian instance, you must first configure a dedicated Jira Cloud App so that you own the entire data stream. This will ensure that your Jira Cloud App is created with all the appropriate rights.

1. Create a Jira Cloud app

  1. Navigate to the Jira Cloud integration page
  2. Click on Configure Jira Cloud app
    Jira Cloud app configure

As a Jira Cloud administrator

  1. Click on Create Jira Cloud app (Alternatively, if you're not a GitGuardian Manager, you can access the Atlassian developer console directly)
  2. Type the name of your new Jira Cloud app: GitGuardian
  3. Agree to Atlassian's developer terms by checking: I agree to be bound by Atlassian's developer terms.
  4. Click on Create
    Jira Cloud app create
  5. Go to the Permissions page
  6. Click on Add button next to the Jira API line
    Permissions - Jira API add
  7. Click on Configure button next to the Jira API line
  8. In the Classic scopes tab, click on the Edit Scopes button of the Jira platform REST API section
    Jira Cloud - Classic scopes edit
  9. Select the following classic scopes:
    • read:jira-user
    • read:jira-work
    • write:jira-work
    • manage:jira-configuration
    • manage:jira-webhook
  10. Click on Save
    Jira Cloud - Classic scopes
  11. In the Granular scopes tab, click on the Edit Scopes button
    Jira Cloud - Granular scopes edit
  12. Select the following granular scopes:
  • read:application-role:jira
  • read:attachment:jira
  • read:avatar:jira
  • read:comment.property:jira
  • read:comment:jira
  • read:epic:jira-software
  • read:field-configuration:jira
  • read:field:jira
  • read:group:jira
  • read:issue-details:jira
  • read:issue-event:jira
  • read:issue-field-values:jira
  • read:issue-meta:jira
  • read:issue-security-level:jira
  • read:issue-type-hierarchy:jira
  • read:issue-type:jira
  • read:issue.changelog:jira
  • read:issue.property:jira
  • read:issue.vote:jira
  • read:issue:jira
  • read:jql:jira
  • read:project-category:jira
  • read:project-role:jira
  • read:project-version:jira
  • read:project.component:jira
  • read:project.property:jira
  • read:project:jira
  • read:status:jira
  • read:user:jira
  • read:webhook:jira
  • write:webhook:jira
  • delete:webhook:jira
  1. Click on Save
    Jira Cloud - Granular scopes
  2. Go to the Authorization page
  3. Click on Add button next to the OAuth 2.0 (3LO) line
    Authorization - OAuth 2.0 add
  4. Enter the callback URL based on your GitGuardian self-hosted instance URL:
    https://<gitguardian.acme.com>/api/v1/jira-cloud/app/install_callback/
  5. Click on Save changes
    Jira Cloud - Callback URL
  6. Go to the Overview page
  7. Get your App details (App ID) (alternatively, you can find and copy it more easily from the URL)
    Jira Cloud - Overview credentials
  8. Go to the Settings page
  9. Get your Authentication details (Client ID, Secret)
    Jira Cloud - Settings credentials

That's it! Your Jira Cloud app has been created and you can now declare your Jira Cloud app in the GitGuardian Platform. Alternatively, if you are not a GitGuardian Manager, you can now return the Jira Cloud app credentials to your requester in the secure way of your choice (App ID, Client ID, Secret).

info

All these permissions are defined for the creation of your Jira Cloud app. This Jira Cloud app can be used for any type of Jira Cloud integration (secret detection, issue tracking). When installing a Jira Cloud site for a specific integration, only a subset of your Jira Cloud app's permissions will be requested. GitGuardian requires only the minimum number of permissions per integration.

As a non Jira Cloud administrator

If you don't have the right to create a Jira Cloud app, please ask your Jira Cloud administrator to do it for you. You can easily forward a request with this procedure:

  1. Click on the Send a request to a Jira administrator link to easily forward your request
  2. They should in turn provide you with the Jira Cloud app credentials to proceed with the rest of the configuration.

2. Declare your Jira Cloud app in the GitGuardian Platform

  1. Paste your Jira Cloud app credentials (App ID, Client ID, Secret)
  2. Click on Save and close
    Jira Cloud app credentials

That's it! Your Jira Cloud configuration is now ready and you can now setup your Jira Cloud integration.

Edit your Jira Cloud app configuration

In case you need to edit your Jira Cloud app configuration, due to an error when declaring your Jira Cloud app credentials or due to a secret rotation, you can do so as follows:

  1. Click on Edit Jira Cloud app
  2. Update your Jira Cloud app credentials
  3. Click on Save and close
    Jira Cloud app configuration edit

Delete your Jira Cloud app configuration

In case you need to delete your Jira Cloud app configuration, you can do so as follows:

  1. Click on Edit Jira Cloud app
  2. Click on Delete configuration
  3. Confirm by clicking on Delete configuration in the confirmation modal
info

Deleting your Jira Cloud app configuration will uninstall all your Jira Cloud integrations. However, all your existing incidents detected on Jira Cloud will remain available on your dashboard. Note that deleting the Jira Cloud app configuration will only delete the configuration, not the Jira Cloud app. If you want to delete your Jira Cloud app, you must do so from your Jira Cloud site.

Uninstall your Jira Cloud site

To uninstall a Jira Cloud site:

  1. In the GitGuardian platform, navigate to the Integrations page
  2. Click on the Jira Cloud card in the Ticketing section
  3. Click on the bin icon next to the Jira Cloud site to be uninstalled
  4. Confirm by clicking on the Yes, uninstall button in the confirmation modal Jira Cloud uninstall

That's it! Your Jira Cloud site is now uninstalled.

Remove the GitGuardian app from your Jira Cloud site

Uninstalling a Jira Cloud site from the GitGuardian platform does not remove the GitGuadian app from your Jira Cloud site. This is not a mandatory step, but you can remove it manually after uninstalling your Jira Cloud site from the GitGuardian platform.

Warning

The GitGuardian app is shared with the Jira Cloud issue tracking integration. Removing the app from your Jira Cloud site will break any existing integration in the GitGuardian platform. Make sure your Jira Cloud site is no longer installed on the GitGuardian platform before removing the GitGuardian app manually.

To remove the GitGuardian app from your Jira Cloud site:

  1. Go to your Jira Cloud site
  2. Select Settings > Atlassian account settingsJira Cloud Atlassian account settings
  3. Go to the Connected apps tab
  4. Click on the Remove access button next to the GitGuardian app Jira Cloud - Remove app
  5. Click on the Remove button in the confirmation modal

That's it! The GitGuardian app is now removed from your Jira Cloud site.

Privacy

Country-specific laws and regulations may require you to inform your Jira Cloud users that your projects are being scanned for secrets. Here is a suggestion for a message you may want to use:

As part of our internal information security process, the company scans the Jira Cloud projects for potential secrets leaks using GitGuardian. All data collected will be processed for the purpose of detecting potential leaks. To find out more about how we manage your personal data and to exercise your rights, please refer to our employee/partner privacy notice. Please note that only projects relating to the company’s activity and business may be monitored and that users shall refrain from sharing personal or sensitive data not relevant to the project’s purpose.

How can I help you ?