
Security for Jira

Secret Scanner to Discover Sensitive Information Published in Jira

Over 200,000 people rely on Soteri to audit, detect, and remove secrets from Atlassian products.

Soteri Is Protecting Top Companies

Trusted by the Fortune 500 because we don't phone home like other competing brands.

What will an attacker find in Jira?

How: Stolen credentials, then privilege escalation from support system.

Result: $2 billion in damages

How: Employee with Jira access made a mistake that led to leaked credentials.

Result: HIPAA violation

How: Misconfiguration in Jira led to sensitive documents leaked to the public.

Result: Leaked plain text creds

Allows authenticated attackers to initiate an XML External Entity injection attack on Jira.

Allows an attacker to impersonate another user and gain access to a Jira instance.

Allows unauthenticated attackers to remotely execute code on Jira instances.

Assume an attacker is in your systems...

Whether from a new CVE or something else.

What will they find?


Privacy

Soteri respects data sovereignty, ensuring your sensitive information remains secure, confined and never transmitted elsewhere.


Jira Data Center

Soteri respects data sovereignty, ensuring your sensitive information remains secure, confined and never transmitted elsewhere. In other words, we don't phone home.

Enhanced Jira Security

A plug-and-play Jira security app that scans your projects, issues, comments, attachments, and issue history for sensitive information so that common mistakes are caught before they are exploited by attackers.

No need to worry about 3rd party vendor compliance or reliability since Soteri's secret scanning is hosted within your Jira Data Center instance. Installation takes only 30 seconds.

How it Works

Three Easy Steps to Secure Jira Data Center

Adding secret scanning to your security testing is simple with Security for Jira.

1. Audit

Put your security on autopilot with scheduled audits or trigger manual audits.

Routine secret scanning audits are key to ensuring Jira security issues are identified ASAP.

2. Detect

Discover secrets before the attacker does, with built-in and customizable scanning rules.

Keep Jira projects, issues, comments, attachments, and issue history free of API keys, passwords, and much more!

3. Secure

Secure your systems to prevent data breaches by changing and removing your secrets.

View the docs for more info on handling discovered secrets.

Features

Built to Maximize Your Jira Security


Project, Issue, and Comment Scanning

Run automated scans that detect sensitive data in projects, issues, attachments, and comments. This enhanced secret scanner also scans issue history to find vulnerabilities in high-risk areas.

Find a false positive? Ignore it with a press of a button.

Scanning for...
AWS_CLIENT_ID
GITHUB_KEY
SLACK_WEBHOOK
STRIPE_API_KEY
GENERIC_API_KEY

Find Commonly Leaked Secrets, and Then Some

Have confidence in your Jira secret scanning as 40+ secrets are automatically detected. Add unlimited custom rules (via regex) to detect other sensitive information. We automatically detect SSH keys, private keys, API keys, credentials, financial information, and much more.


Downloadable Reports of Scan Findings

Export the secret scanning findings into a CSV report that breaks down every secret and where it was found.

Issue key   Type      Rule            Text
MP-6        FIELD     GITHUB_KEY      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
MP-27       FIELD     AWS_CLIENT_ID   AKIA3WAXW7OOSMVLM4YX
MP-27       COMMENT   AWS_CLIENT_ID   AKIA3WAXW7OOSMVLM4YN

REST API for Scripting and Automation

Use the API to create automations that scan your Jira projects, download the results, and automatically notify people about them. For more complex workflows, you can automate alerting the proper person/team depending on the secret found or where it was found.


Demonstrate compliance for GDPR, CAIQ, and More

Running automated scans to identify security issues can help you gain and demonstrate compliance for GDPR, CAIQ, and multiple other security standards.

Be Confident in Your Cloud

Without Soteri

  • Secrets get published
  • Attackers gain access to sensitive info
  • Financial damages in the billions of dollars
  • Damaged company reputation

With Soteri Scanning

  • Find sensitive info before hackers do
  • Protect PII and financial information
  • Comply with HIPAA and GDPR
  • Be proactive instead of reactive

Security for Jira FAQs

Here's more information about Security for Jira.

Which secrets does Security for Jira look for?

The software automatically detects over 40 secrets in Jira. Here's a full list of the secrets we scan for. You can easily add additional rules in the UI using regex.

Is my data private?

Yes! Soteri respects data sovereignty, ensuring your sensitive information remains secure, confined and never transmitted elsewhere. In other words, we don't phone home.

Does this work with Jira Cloud?

Not at this time, although we have it on our backlog to support Jira Cloud secret scanning. We currently support Jira Data Center. If you want to scan Jira Cloud, check out our Scanning Service which is an API you can integrate into your workflow that scans any service for security vulnerabilities.

Do you offer support?

Yes, 24 hours a day. Through our support portal you can get in touch with us, report a bug, suggest a feature, and more!

What happens if Security for Jira finds sensitive data?

All secrets detected by a security scan should be considered compromised. We recommend changing the secret (e.g., resetting passwords or rotating API keys), and removing it from Jira. Here are the full docs for more info.

Are secrets lurking in Jira? Scan now!