compliance-scanner-agent/docs/features/issues.md
Sharang Parnerkar 7e12d1433a
docs: added vite-press docs (#4)
Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #4
2026-03-08 13:59:50 +00:00


Issue Tracker Integration

Compliance Scanner automatically creates issues in your existing issue trackers when new security findings are discovered. This integrates security into your development workflow without requiring teams to check a separate tool.

Supported Trackers

| Tracker | Configuration Variables |
|---------|-------------------------|
| GitHub Issues | GITHUB_TOKEN |
| GitLab Issues | GITLAB_URL, GITLAB_TOKEN |
| Jira | JIRA_URL, JIRA_EMAIL, JIRA_API_TOKEN, JIRA_PROJECT_KEY |

How It Works

  1. A scan discovers new findings
  2. For each new finding, the agent checks if an issue already exists (by fingerprint)
  3. If not, it creates an issue in the configured tracker with:
    • Title matching the finding title
    • Description with vulnerability details, severity, and file location
    • Link back to the finding in the dashboard
  4. The finding is updated with the external issue URL
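
The steps above amount to an idempotent sync keyed on the finding fingerprint. The following sketch is an added example, not the agent's own code: the `Finding` and `MockTracker` types, the `sample` helper, the `/findings/<fingerprint>` dashboard path and the `tracker.example` URLs are all assumptions, and an in-memory map stands in for the real tracker API.

```rust
use std::collections::HashMap;
// Hypothetical types for illustration; not the agent's real data model.
pub struct Finding {
    pub fingerprint: String, // stable identity of a finding across scans
    pub title: String,
    pub severity: String,
    pub location: String,
    pub issue_url: Option<String>, // filled in once a tracker issue exists
}

/// In-memory stand-in for GitHub, GitLab or Jira.
#[derive(Default)]
pub struct MockTracker {
    by_fingerprint: HashMap<String, String>, // fingerprint -> issue URL
    pub issues: Vec<(String, String)>,       // (title, body) of created issues
}

impl MockTracker {
    fn create(&mut self, f: &Finding, dashboard: &str) {
        let body = format!("Severity: {}\nLocation: {}\nFinding: {}/findings/{}",
            f.severity, f.location, dashboard, f.fingerprint);
        self.issues.push((f.title.clone(), body));
        let url = format!("https://tracker.example/issues/{}", self.issues.len());
        self.by_fingerprint.insert(f.fingerprint.clone(), url);
    }
}

/// Steps 2-4: look up by fingerprint, create only when missing, store the URL.
pub fn sync_issues(findings: &mut [Finding], t: &mut MockTracker, dashboard: &str) -> usize {
    let mut created = 0;
    for f in findings.iter_mut() {
        if !t.by_fingerprint.contains_key(&f.fingerprint) {
            t.create(f, dashboard);
            created += 1;
        }
        f.issue_url = t.by_fingerprint.get(&f.fingerprint).cloned();
    }
    created // number of issues newly created by this pass
}

pub fn sample(fp: &str, title: &str) -> Finding { // constructed sample data
    Finding { fingerprint: fp.into(), title: title.into(), severity: "high".into(),
        location: "src/db.rs:42".into(), issue_url: None }
}

fn main() {
    let (mut t, mut scan) = (MockTracker::default(), vec![sample("fp-a", "SQL injection")]);
    println!("created on first scan: {}", sync_issues(&mut scan, &mut t, "https://dash.example"));
    println!("created on rescan: {}", sync_issues(&mut scan, &mut t, "https://dash.example"));
}
```

Running the same findings through `sync_issues` a second time creates nothing new, which is what keeps repeated scans from flooding the tracker with duplicates.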

Viewing Issues

Navigate to Issues in the sidebar to see all tracker issues across your repositories.

The issues table shows:

| Column | Description |
|--------|-------------|
| Tracker | Badge showing GitHub, GitLab, or Jira |
| External ID | Issue number in the external system |
| Title | Issue title |
| Status | Open, Closed, or tracker-specific status |
| Created | When the issue was created |
| Link | Direct link to the issue in the external tracker |

Click the Open link to go directly to the issue in GitHub, GitLab, or Jira.

Configuration

GitHub

GITHUB_TOKEN=ghp_xxxx

Issues are created in the same repository that was scanned.

GitLab

GITLAB_URL=https://gitlab.com
GITLAB_TOKEN=glpat-xxxx

Issues are created in the same project that was scanned.

Jira

JIRA_URL=https://your-org.atlassian.net
JIRA_EMAIL=security-bot@example.com
JIRA_API_TOKEN=your-api-token
JIRA_PROJECT_KEY=SEC

All issues are created in the specified Jira project (JIRA_PROJECT_KEY).

::: tip
Use a dedicated service account for issue creation so that security findings are clearly attributed to automated scanning rather than individual team members.
:::