Skip to content

Jira Server - On-Premise

The Jira Server (On-Prem) integration enables SailPoint Entro to detect and monitor exposed secrets within your Jira environment — including issues, comments, and attachments — without altering or storing project data.


Overview

SailPoint Entro connects to your on-prem Jira Server through a local Worker running within your environment. All communication between the Worker and SailPoint Entro occurs securely over HTTPS/TLS, ensuring your Jira data never leaves your network.

Architecture Diagram

Entro Security Cloud
   ↕ (Secure connection via On-Prem Worker)
Jira Server (On-Prem)

Installation & Configuration

  1. Prerequisites

    Before integrating Jira Server with SailPoint Entro:

  2. Configure the Integration in SailPoint Entro

    1. In the SailPoint Entro Dashboard, go to Management → Accounts & Integrations → Add New Account (top right) → Atlassian

    2. Enter:

      • Base URL: e.g., https://jira.internal.company.com

      • Access Token: the PAT for your integration user

      • Worker Group: select a connector that is active

      • Make sure to select Self Managed

    3. Click Create Account to verify connectivity.

  3. Initial Scan

    After setup, initiate the first scan manually or allow the default scheduler to begin automatically.

    • Scans use Jira’s REST API to collect metadata and content.

    • Only text‑based data is processed locally by your Worker.

    • Findings metadata is sent securely to SailPoint Entro Cloud for classification.


System Requirements

Component Requirement
Jira Version 8.0+
API Access /rest/api/2/ enabled
Network Outbound HTTPS (443) from Worker to SailPoint Entro
Authentication Personal Access Token (PAT)
Permissions Browse Projects, View Issues, View Attachments

Managing Findings

Detected secrets appear in the Findings Dashboard within SailPoint Entro. Each finding includes:

  • Project name and issue key

  • Secret type (e.g., AWS key, database password)

  • Exposure level (generic or confirmed)

  • Direct Jira links for remediation

From the dashboard, you can:

  • Assign or comment on findings

  • Sync with Jira tickets for tracking

  • Mark false positives as resolved


Generic vs Exposed Secrets

Type Definition Example
Generic Secret Pattern‑matched value that may represent a secret. password=abcd1234
Exposed Secret Verified secret exposed in accessible content. AWS_SECRET_ACCESS_KEY=ABCD12345XYZ

SailPoint Entro classifies secrets to reduce noise and surface only actionable exposures.


Data Privacy & Security

SailPoint Entro never stores raw Jira issue content or attachments. All scanning occurs within your environment via the local Worker. Only metadata and findings are securely transmitted to SailPoint Entro Cloud.

🔒 Compliance Alignment

  • SOC 2 Type II

  • ISO 27001

  • GDPR Compliant

  • Read‑only access enforced by token scope

Note

All communication between the on‑prem Worker and SailPoint Entro Cloud is encrypted (HTTPS/TLS). The Worker processes text-based content locally - raw content and attachments are not stored in SailPoint Entro Cloud.