Automatically Flag Security Vulnerabilities in Jira

A code scanning alert fires in GitHub. Within seconds, it's a tracked, prioritized task in Jira.

Trigger

New Code Scanning Alert Created

Triggers when a new code scanning alert is created in a repository. Fires an event for each newly created code scanning alert detected in the configured repository. Alerts can be filtered by Git reference, scanning tool, state, and severity. The payload includes the alert number, rule details, tool information, state, severity, and the location of the most recent instance.

Jira logo

Action

Create Issue

Creates a new jira issue (e.g., bug, task, story) in a specified project.

Why this helps

Code scanning alerts pile up in GitHub's security tab, which most developers don't check regularly. By the time a vulnerability is discovered, it may already be in production. Centralized threat tracking requires manual updates.

  • Respond to vulnerabilities in minutes, not weeks
  • Keep all security issues visible and prioritized in Jira
  • Automate alert ingestion without manual tagging
  • Build accountability for security fixes

Setup

Build it in a few focused steps.

  • 1Connect GitHub and Jira integrations to Notis.
  • 2Create an automation: 'When a new code scanning alert is detected, create a high-priority security issue in Jira.'
  • 3Set trigger to 'New Code Scanning Alert Created' and action to 'Create Issue'.
  • 4Configure to watch your main branch or all branches, depending on your risk tolerance.
  • 5Test by enabling code scanning on a test repository and pushing code with intentional issues.

Questions about this workflow

What alert types are supported?

All alerts detected by GitHub's code scanning tools, including those from CodeQL, Semgrep, and third-party providers.

Can I filter by severity?

Yes—use your plain-language prompt to trigger only on critical or high-severity alerts.

Do I get false positives?

Code scanning tools are generally accurate, but you can configure the automation to tag uncertain alerts for review.

When this happens · Trigger

Do this · Action

Supported Triggers and Actions

Notis builds workflows that link GitHub to Jira. A trigger fires from one place; an action lands in another.

GitHub logo

GitHub triggers

Jira logo

Jira actions

New Workflow Artifact Created

Triggers when a new workflow artifact is created in a GitHub repository. Monitors for newly created GitHub Actions workflow artifacts. Optionally filters by artifact name to restrict monitoring to specific artifacts.

TriggerPolling

Add Attachment

Uploads and attaches a file to a jira issue.

ActionInstant

Branch Changed

Triggers when a GitHub branch changes. Monitors a specific branch for: - New commits pushed (head commit SHA changes) - Protection status toggled (branch becomes protected or unprotected) - Protection settings changed, including: required status checks and their enforcement level, admin enforcement, required pull request reviews (dismiss stale reviews, code owner reviews, approving review count, last push approval), required linear history, force push allowance, deletion allowance, conversation resolution, branch locking, and fork syncing.

TriggerPolling

Add Comment

Adds a comment using atlassian document format (adf) for rich text to an existing jira issue.

ActionInstant

New Branch Created

Triggers when a new branch is created in a GitHub repository. Detects newly created branches. Deleted branches do not fire events.

TriggerPolling

Add Watcher to Issue

Adds a user to an issue's watcher list by account id.

ActionInstant

Check Run Status / Conclusion Changed

Triggers when a specific GitHub check run changes its status or conclusion. Monitors a single check run for changes to: status (queued, in_progress, completed, etc.), conclusion (success, failure, neutral, cancelled, skipped, timed_out, action_required), started_at, and completed_at.

TriggerPolling

Assign Issue

Assigns a jira issue to a user, default assignee, or unassigns; supports email/name lookup.

ActionInstant

Check Suite Status / Conclusion Changed

Triggers when a GitHub check suite changes its status or conclusion for a given ref. Monitors all check suites associated with a git reference (branch, tag, or commit SHA) for changes to status (queued, in_progress, completed, etc.) and conclusion (success, failure, neutral, cancelled, skipped, timed_out, action_required, startup_failure, stale). Optionally filters by GitHub App ID.

TriggerPolling

Bulk Create Issues

Creates multiple jira issues (up to 50 per call) with full feature support including markdown, assignee resolution, and priority handling.

ActionInstant

New Code Scanning Alert Created

Triggers when a new code scanning alert is created in a repository. Fires an event for each newly created code scanning alert detected in the configured repository. Alerts can be filtered by Git reference, scanning tool, state, and severity. The payload includes the alert number, rule details, tool information, state, severity, and the location of the most recent instance.

TriggerPolling

Create Issue

Creates a new jira issue (e.g., bug, task, story) in a specified project.

ActionInstant

New Repository Collaborator Added

Triggers when a new collaborator is added to a GitHub repository. Monitors the full list of collaborators on a repository and fires an event for each newly added collaborator. The payload includes the collaborator's GitHub username, account ID, profile URL, avatar URL, permission flags (pull, triage, push, maintain, admin), and assigned role name.

TriggerPolling

Link Issues

Links two jira issues using a specified link type with optional comment.

ActionInstant

Commit Event

Triggered when a new commit is pushed to a repository.

TriggerInstant

Create Project

Creates a new jira project with required lead, template, and type configuration.

ActionInstant

Connect any two apps with Notis in the middle.

Not just GitHub and Jira. Any combination from 985+ integrations.

When this happens · Trigger

Do this · Action

Save your first hour today.

7 days free trial with 20$ free usage included.
No card. Works with personal or business Jira.