Usage

The app scans and detects the following type of secrets within a Jira issue. See FAQ for more information on the list of patterns used for secret detection.

• Technology credentials and secrets

  • Access tokens (ex. Google) and API keys, private keys, SSH keys, and many other technology secrets are identified.

  • Attachments are scanned for common secret filenames and extensions (ex. .pem, .env, .keychain) associated with secrets.

• Personal identifiable information

  • Example: Social security number (U.S.)

• Credit card numbers

  • Commonly used credit card patterns, such as Visa, Mastercard, American Express, et al. are identified in text.

• Attachment and Comment content located in a Jira issue is also scanned for secrets

A Secrets field will be visible in the Jira issue that will report whether any secrets have been detected.

Hovering over the elements in the Secrets field will provide additional information such as a description and example of the secret type.

Open

​Notification via an email will happen when a new issue, new comment or new attachment is added that includes secrets.

The reporter of the issue will receive an email notification when a new issue is created with secrets. In addition, the author of the comment or attachment will receive an email notification when a new comment or new attachment is added that includes secrets.

The app can also scan projects on demand with the Project Scanner

By choosing No More Secrets Project Scanner from the Apps option in the nav bar, you can initiate a scan of projects for issue secrets. This provides a central location for determining the status of entire projects or even a workspace.

Includes a Basic and JQL Search filter to provide you with flexible filter options.

Examples of a JQL queries include:

This example will give you issues created from Jan 1st to April 1st.

This example will give you issues created in the last five days with a status of Done.

For more regarding JQL query guidance, click here.

Open