Automatically Flag Security Vulnerabilities in Jira
A code scanning alert fires in GitHub. Within seconds, it's a tracked, prioritized task in Jira.
Trigger
New Code Scanning Alert Created
Triggers when a new code scanning alert is created in a repository. Fires an event for each newly created code scanning alert detected in the configured repository. Alerts can be filtered by Git reference, scanning tool, state, and severity. The payload includes the alert number, rule details, tool information, state, severity, and the location of the most recent instance.
Action
Create Issue
Creates a new jira issue (e.g., bug, task, story) in a specified project.
Why this helps
Code scanning alerts pile up in GitHub's security tab, which most developers don't check regularly. By the time a vulnerability is discovered, it may already be in production. Centralized threat tracking requires manual updates.
- Respond to vulnerabilities in minutes, not weeks
- Keep all security issues visible and prioritized in Jira
- Automate alert ingestion without manual tagging
- Build accountability for security fixes
Setup
Build it in a few focused steps.
- 1Connect GitHub and Jira integrations to Notis.
- 2Create an automation: 'When a new code scanning alert is detected, create a high-priority security issue in Jira.'
- 3Set trigger to 'New Code Scanning Alert Created' and action to 'Create Issue'.
- 4Configure to watch your main branch or all branches, depending on your risk tolerance.
- 5Test by enabling code scanning on a test repository and pushing code with intentional issues.
Questions about this workflow
What alert types are supported?
All alerts detected by GitHub's code scanning tools, including those from CodeQL, Semgrep, and third-party providers.
Can I filter by severity?
Yes—use your plain-language prompt to trigger only on critical or high-severity alerts.
Do I get false positives?
Code scanning tools are generally accurate, but you can configure the automation to tag uncertain alerts for review.
When this happens · Trigger
Do this · Action
Supported Triggers and Actions
Notis builds workflows that link GitHub to Jira. A trigger fires from one place; an action lands in another.
GitHub triggers
Jira actions
New Workflow Artifact Created
Triggers when a new workflow artifact is created in a GitHub repository. Monitors for newly created GitHub Actions workflow artifacts. Optionally filters by artifact name to restrict monitoring to specific artifacts.
Add Attachment
Uploads and attaches a file to a jira issue.
Branch Changed
Triggers when a GitHub branch changes. Monitors a specific branch for: - New commits pushed (head commit SHA changes) - Protection status toggled (branch becomes protected or unprotected) - Protection settings changed, including: required status checks and their enforcement level, admin enforcement, required pull request reviews (dismiss stale reviews, code owner reviews, approving review count, last push approval), required linear history, force push allowance, deletion allowance, conversation resolution, branch locking, and fork syncing.
Add Comment
Adds a comment using atlassian document format (adf) for rich text to an existing jira issue.
New Branch Created
Triggers when a new branch is created in a GitHub repository. Detects newly created branches. Deleted branches do not fire events.
Add Watcher to Issue
Adds a user to an issue's watcher list by account id.
Check Run Status / Conclusion Changed
Triggers when a specific GitHub check run changes its status or conclusion. Monitors a single check run for changes to: status (queued, in_progress, completed, etc.), conclusion (success, failure, neutral, cancelled, skipped, timed_out, action_required), started_at, and completed_at.
Assign Issue
Assigns a jira issue to a user, default assignee, or unassigns; supports email/name lookup.
Check Suite Status / Conclusion Changed
Triggers when a GitHub check suite changes its status or conclusion for a given ref. Monitors all check suites associated with a git reference (branch, tag, or commit SHA) for changes to status (queued, in_progress, completed, etc.) and conclusion (success, failure, neutral, cancelled, skipped, timed_out, action_required, startup_failure, stale). Optionally filters by GitHub App ID.
Bulk Create Issues
Creates multiple jira issues (up to 50 per call) with full feature support including markdown, assignee resolution, and priority handling.
New Code Scanning Alert Created
Triggers when a new code scanning alert is created in a repository. Fires an event for each newly created code scanning alert detected in the configured repository. Alerts can be filtered by Git reference, scanning tool, state, and severity. The payload includes the alert number, rule details, tool information, state, severity, and the location of the most recent instance.
Create Issue
Creates a new jira issue (e.g., bug, task, story) in a specified project.
New Repository Collaborator Added
Triggers when a new collaborator is added to a GitHub repository. Monitors the full list of collaborators on a repository and fires an event for each newly added collaborator. The payload includes the collaborator's GitHub username, account ID, profile URL, avatar URL, permission flags (pull, triage, push, maintain, admin), and assigned role name.
Link Issues
Links two jira issues using a specified link type with optional comment.
Commit Event
Triggered when a new commit is pushed to a repository.
Create Project
Creates a new jira project with required lead, template, and type configuration.
Connect any two apps with Notis in the middle.
Not just GitHub and Jira. Any combination from 985+ integrations.
When this happens · Trigger
Do this · Action
Save your first hour today.
7 days free trial with 20$ free usage included.
No card. Works with personal or business Jira.
