Jira & Linear tickets Starter+
Auto-create a ticket in your team's tracker for every validated finding. Reduces MTTR because the work item lands where engineers already triage.
| Tracker | Auth | Where to find credentials |
|---|---|---|
| Jira | Email + API token (Basic Auth) | id.atlassian.com → Security → API tokens |
| Linear | API key | Linear → Settings → API → Personal API keys |
You can enable both — each gets its own ticket per finding.
Jira
Set up
1. Generate a Jira API token at id.atlassian.com. Copy it.
2. Find your Jira project's project key (e.g. `SEC` for a Security project — visible in URLs and the project header).
3. In CredWatch: Profile → Notifications → Ticket integration → Jira:
   - Jira URL — `https://your-org.atlassian.net` (no trailing slash, no `/rest/...`)
   - Project key — e.g. `SEC`
   - Email — the email of the user who generated the token
   - API token — paste it
4. Click Save, then Send test — a test Bug should be created in your Jira project within seconds.
What's in the ticket
- Title — `[CredWatch] {pattern_name} exposed in {repo}`
- Type — Bug
- Priority — derived from finding score:
  - 90+ → Critical
  - 75–89 → High
  - 60–74 → Medium
- Description — service, masked credential, source URL, file path, line, validation status, link back to the CredWatch finding detail page
Updating your credentials
If you need to rotate the Jira API token, paste the new one in the API token field and save. Leaving the API token field blank when saving keeps the existing token (lets you update other fields without rotating the credential).
Linear
Set up
1. Generate a Linear API key under Settings → API → Personal API keys. Copy it.
2. Find your Team ID: in Linear's API console run `query { teams { nodes { id, name } } }`, or copy it from a team URL.
3. In CredWatch: Profile → Notifications → Ticket integration → Linear:
   - API key — paste it
   - Team ID — the UUID from step 2
4. Click Save, then Send test.
What's in the ticket
- Title — same format as Jira
- Priority — `1` (Urgent) for score 90+, `2` (High) for 75–89, `3` (Medium) for 60–74
- Description — same content as Jira
Deduplication
CredWatch tracks per-finding ticket creation in its own audit table. Each finding gets at most one ticket per integration — re-running scans won't spam your tracker.
If you delete a CredWatch-created ticket and need a fresh one, contact support — we'll clear the dedup record.
What fires
Same threshold as the rest of the alert stack:
- `validation_status = valid`
- `composite_score ≥ ALERT_SCORE_THRESHOLD` (60 by default)
- `status = active`
Tickets fire during the daily digest at 08:00 UTC and also immediately for findings scoring 80+ (or whatever your immediate-alert threshold is set to).
Removing the integration
To stop ticket creation, click Remove on either card. The API token / API key is deleted from our database (Fernet-encrypted while it lives there).
If you need a tracker we don't yet support (Asana, Trello, ServiceNow, etc.), use the outbound webhook and post into your tracker's API from your own service. Tell us at [email protected] which tracker would be most useful — we add integrations based on customer demand.
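If you bridge to an unsupported tracker from your own service, that service has to reproduce the firing conditions, priority bands, title format and one-ticket-per-finding rule described on this page. The Python below is an added example, not CredWatch's code: the finding dictionary keys (`id`, `pattern_name`, `repo`, `status`, `validation_status`, `composite_score`), the in-memory `seen` set and all function names are assumptions, and the webhook payload format itself is not shown on this page.

```python
# Added example: the page's firing, priority, title and dedup rules.
# Finding keys (id, pattern_name, repo, ...) are assumed names.
ALERT_SCORE_THRESHOLD = 60   # page default
IMMEDIATE_THRESHOLD = 80     # page default for immediate alerts
# (score floor, Jira priority, Linear priority) as listed on the page
PRIORITY_BANDS = [(90, "Critical", 1), (75, "High", 2), (60, "Medium", 3)]

def should_fire(f, threshold=ALERT_SCORE_THRESHOLD):
    """All three 'What fires' conditions must hold."""
    return (f.get("validation_status") == "valid"
            and f.get("status") == "active"
            and f.get("composite_score", 0) >= threshold)

def priority_for(score):
    """Return (jira_name, linear_number); None below the lowest band."""
    for floor, jira_name, linear_number in PRIORITY_BANDS:
        if score >= floor:
            return jira_name, linear_number
    return None

def plan_tickets(findings, integration, seen):
    """Build ticket drafts. `seen` holds (integration, finding id) pairs,
    standing in for a dedup table; it is updated in place."""
    drafts = []
    for f in findings:
        key = (integration, f["id"])
        band = priority_for(f.get("composite_score", 0))
        if not should_fire(f) or band is None or key in seen:
            continue
        drafts.append({
            "finding_id": f["id"],
            "title": f"[CredWatch] {f['pattern_name']} exposed in {f['repo']}",
            "priority_name": band[0],
            "priority_level": band[1],
            "immediate": f["composite_score"] >= IMMEDIATE_THRESHOLD,
        })
        seen.add(key)
    return drafts

def _finding(fid, name, repo, validation, score):
    return {"id": fid, "pattern_name": name, "repo": repo, "status": "active",
            "validation_status": validation, "composite_score": score}

# Constructed sample findings, not real data.
SAMPLE = [
    _finding("f1", "AWS Access Key", "acme/api", "valid", 92),
    _finding("f2", "Slack Token", "acme/bot", "valid", 76),
    _finding("f3", "GitHub PAT", "acme/web", "invalid", 95),  # not validated
    _finding("f4", "Stripe Key", "acme/pay", "valid", 59),    # below threshold
]
```

Persist the `seen` pairs in durable storage in a real service, so a restart or a re-delivered finding does not create a second ticket.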