compliance-scanner-agent/docs/guide/issues.md
Sharang Parnerkar 3ec1456b0d
docs: rewrite user-facing documentation with screenshots (#11)
2026-03-11 15:26:00 +00:00


# Issues & Tracking

Certifai automatically creates issues in your existing issue trackers when new security findings are discovered. This integrates security into your development workflow without requiring teams to check a separate tool.

## How Issues Are Created

When a scan discovers new findings, the following happens automatically:

1. Each new finding is checked against existing issues using its fingerprint
2. If no matching issue exists, a new issue is created in the configured tracker
3. The issue includes the finding title, severity, vulnerability details, file location, and a link back to the finding in Certifai
4. The finding is updated with a link to the external issue

This means every actionable finding gets tracked in the same system your developers already use.

## Issues List

Navigate to **Issues** in the sidebar to see all tracker issues across your repositories.

![Issues list showing tracker issues](/screenshots/issues-list.png)

The issues table shows:

| Column | Description |
|--------|-------------|
| Tracker | Badge showing GitHub, GitLab, Gitea, or Jira |
| External ID | Issue number in the external system |
| Title | Issue title |
| Status | Open, Closed, or tracker-specific status |
| Created | When the issue was created |
| Link | Direct link to the issue in the external tracker |

Click the link to go directly to the issue in your tracker.

## Supported Trackers

| Tracker | How to Configure |
|---------|-----------------|
| **GitHub Issues** | Set up in the repository's issue tracker settings with your GitHub API token |
| **GitLab Issues** | Set up with your GitLab project ID, instance URL, and API token |
| **Gitea Issues** | Set up with your Gitea repository details, instance URL, and API token |
| **Jira** | Set up with your Jira project key, instance URL, email, and API token |

Issue tracker configuration is per-repository. You set it up when [adding or editing a repository](/guide/repositories#configuring-an-issue-tracker).

## Deduplication

Issues are deduplicated using the same fingerprint hash that deduplicates findings. This means:

- If the same vulnerability appears in consecutive scans, only one issue is created
- If a finding is resolved and then reappears, the platform recognizes it and can reopen the existing issue rather than creating a duplicate
- Different findings (even if similar) get separate issues because their fingerprints differ based on file path, line number, and vulnerability type
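
The sketch below is an added illustration of fingerprint-based deduplication as described above; it is not Certifai's own code. The `Finding` and `Tracker` names, the SHA-256 construction, and the sample findings are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    file_path: str
    line: int
    vuln_type: str
    title: str  # display only; deliberately not part of the fingerprint

def fingerprint(f: Finding) -> str:
    """SHA-256 over file path, line number and vulnerability type."""
    h = hashlib.sha256()
    for field in (f.file_path, str(f.line), f.vuln_type):
        data = field.encode("utf-8")
        # Length-prefix each field so ("a1", 2) and ("a", 12) hash differently.
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()

class Tracker:
    """In-memory stand-in for an external issue tracker (hypothetical)."""
    def __init__(self):
        self.issues = {}  # fingerprint -> {"id": int, "status": str}
        self._next_id = 1

    def sync(self, f: Finding):
        """Return (action, issue_id) for one finding from a scan."""
        fp = fingerprint(f)
        issue = self.issues.get(fp)
        if issue is None:  # no match: open a new issue
            issue = self.issues[fp] = {"id": self._next_id, "status": "open"}
            self._next_id += 1
            return ("created", issue["id"])
        if issue["status"] == "closed":  # resolved earlier, seen again
            issue["status"] = "open"
            return ("reopened", issue["id"])
        return ("exists", issue["id"])  # consecutive scan: nothing new

    def close(self, f: Finding):
        self.issues[fingerprint(f)]["status"] = "closed"

def demo():  # replay constructed scan results and collect tracker actions
    sqli = Finding("src/db.rs", 42, "sql-injection", "SQL injection in query")
    xss = Finding("src/db.rs", 42, "xss", "Reflected XSS")
    t = Tracker()
    out = [t.sync(sqli), t.sync(sqli)]
    t.close(sqli)
    out += [t.sync(sqli), t.sync(xss)]
    return out
```

`demo()` returns one created issue, one no-op on the repeat scan, one reopen after the issue was closed, and a second issue for the finding with a different vulnerability type at the same location.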

## Linked Issues in Finding Detail

When viewing a [finding's detail page](/guide/findings#finding-detail), you will see a **Linked Issue** section if an issue was created for that finding. This provides a direct link to the external tracker issue, making it easy to jump between the security context in Certifai and the development workflow in your tracker.