c253e4ef5e
Rewrite all public documentation to be user-facing only: - Remove deployment, configuration, and self-hosting sections - Add guide pages for SBOM, issues, webhooks & PR reviews - Add reference pages for glossary and tools/scanners - Add 12 screenshots from live dashboard - Explain MCP, LLM triage, false positives, human-in-the-loop Fix edit repository modal not scrollable (max-height + overflow-y). Show full webhook URL using window.location.origin instead of path. Unset RUSTC_WRAPPER in agent cargo commands to avoid sccache errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2.8 KiB
Issues & Tracking
Certifai automatically creates issues in your existing issue trackers when new security findings are discovered. This integrates security into your development workflow without requiring teams to check a separate tool.
How Issues Are Created
When a scan discovers new findings, the following happens automatically:
- Each new finding is checked against existing issues using its fingerprint
- If no matching issue exists, a new issue is created in the configured tracker
- The issue includes the finding title, severity, vulnerability details, file location, and a link back to the finding in Certifai
- The finding is updated with a link to the external issue
This means every actionable finding gets tracked in the same system your developers already use.
Issues List
Navigate to Issues in the sidebar to see all tracker issues across your repositories.
The issues table shows:
| Column | Description |
|---|---|
| Tracker | Badge showing GitHub, GitLab, Gitea, or Jira |
| External ID | Issue number in the external system |
| Title | Issue title |
| Status | Open, Closed, or tracker-specific status |
| Created | When the issue was created |
| Link | Direct link to the issue in the external tracker |
Click the link to go directly to the issue in your tracker.
Supported Trackers
| Tracker | How to Configure |
|---|---|
| GitHub Issues | Set up in the repository's issue tracker settings with your GitHub API token |
| GitLab Issues | Set up with your GitLab project ID, instance URL, and API token |
| Gitea Issues | Set up with your Gitea repository details, instance URL, and API token |
| Jira | Set up with your Jira project key, instance URL, email, and API token |
Issue tracker configuration is per-repository. You set it up when adding or editing a repository.
Deduplication
Issues are deduplicated using the same fingerprint hash that deduplicates findings. This means:
- If the same vulnerability appears in consecutive scans, only one issue is created
- If a finding is resolved and then reappears, the platform recognizes it and can reopen the existing issue rather than creating a duplicate
- Different findings (even if similar) get separate issues because their fingerprints differ based on file path, line number, and vulnerability type
Linked Issues in Finding Detail
When viewing a finding's detail page, you will see a Linked Issue section if an issue was created for that finding. This provides a direct link to the external tracker issue, making it easy to jump between the security context in Certifai and the development workflow in your tracker.