Security for Jira allows users to export CSV files containing findings in the spaces for which they have administration privileges. This can be done when viewing a space’s Security Analysis by clicking the Export dropdown at the top. The rule filter will also filter the exported findings.
There are two options, both of which are in CSV format:
- A Findings export contains information about all findings, including both reviewed and un-reviewed findings.
- A Reviewed Findings export contains reviewed findings, including who reviewed them and when they were reviewed. Reviewed findings that are scoped to a space will apply to all future and past findings in the space that match exactly.
Exporting findings from the dashboard
To export findings for all spaces for which you have administrator privileges, click the Export button at the top of the Soteri Dashboard.
There are three options, all of which are in CSV format:
- Dashboard Overview export contains the list of spaces visible on the dashboard together with their individual scan status, up to date status, and the number of unreviewed findings in that space.
- All Findings export contains all findings for all visible spaces.
- Reviewed Findings export contains reviewed false positives, including who reviewed them and when they were reviewed. Reviewed false positives that are scoped to a space will apply to all future and past findings in the space that match exactly.
Full findings in exported reports
If you want to add the full text of findings in exported reports, you can enable the Include full finding text in exported reports setting on the plugin settings page.
Enabling this option will add the Work item summary, Historical, Finding text, and Full text columns to CSV exports.
Deduplicate findings in exports
If you want to show every finding occurrence in your export reports, you can disable the Deduplicate findings in exports setting. Otherwise, findings will be presented once for every work item or comment they’re discovered in, even if they are discovered more than once in the history of that work item. This behavior presents an export similar to the layout of the Security Analysis page.
Columns in exported findings reports
The following are the column names in the exported reports, in order; most are self-explanatory:
- Work item key
- Work item summary
- Location type: FIELD, COMMENT, or ATTACHMENT
- Field name
- Comment ID: if the finding was from a comment.
- Edit timestamp: last edited time
- Historical: if this scan finding is historical. Excluded if the “Include full finding text in exports” setting is disabled.
- Rule name
- Confidence: for findings from Advanced AI Scanning, the confidence level reported by the model (0.0-1.0).
- Finding text: the exact match text of the finding. This can be used to review the finding; see Hiding false positives, revoked credentials, etc. Excluded if the “Include full finding text in exports” setting is disabled.
- Reviewed?: if the finding is reviewed at space scope.
- Individually Reviewed?: if the finding is reviewed at field scope.
- Globally Reviewed?: if the finding is reviewed across all of Jira.
- Work item link: URL to the issue.
- Security analysis link: URL to security analysis page for that Space.
- Full text: the complete text of the fragment, or, if it is too long, then only the specific text that triggered the finding. Excluded if the “Include full finding text in exports” setting is disabled.
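The following is an added example, not code from Soteri or from the original page: a Python sketch that reads a Findings export, keeps only findings not reviewed at any of the three scopes, and produces a per-rule summary that leaves out the Finding text and Full text columns so matched secrets are not copied into downstream reports. It assumes the review columns are exported as `true`/`false` text and that Confidence is blank for non-AI findings; the `min_confidence` threshold, the function names and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Column names as listed on this page.
REVIEW_COLUMNS = ("Reviewed?", "Individually Reviewed?", "Globally Reviewed?")
# Columns that carry matched secret text; never copied into the summary.
SENSITIVE_COLUMNS = ("Finding text", "Full text")
# Assumption: the export writes booleans as text such as "true"/"false".
TRUTHY = {"true", "yes", "1"}


def is_true(row, column):
    # Missing columns (e.g. optional ones) count as false.
    return (row.get(column) or "").strip().lower() in TRUTHY


def triage(csv_text, min_confidence=0.5):
    """Return (per-rule counts, rows) for findings not reviewed at any scope."""
    counts, open_rows = Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if any(is_true(row, c) for c in REVIEW_COLUMNS):
            continue
        # Assumption: Confidence is blank unless the finding came from AI scanning.
        conf = (row.get("Confidence") or "").strip()
        if conf and float(conf) < min_confidence:
            continue  # hypothetical threshold for low-confidence AI findings
        counts[row["Rule name"]] += 1
        open_rows.append({k: v for k, v in row.items() if k not in SENSITIVE_COLUMNS})
    return counts, open_rows


# Constructed sample rows (not real export output), using a subset of the columns.
SAMPLE = """Work item key,Location type,Field name,Comment ID,Rule name,Confidence,Finding text,Reviewed?,Individually Reviewed?,Globally Reviewed?
DEMO-1,FIELD,description,,Example rule A,,EXAMPLE-SECRET-1,false,false,false
DEMO-2,COMMENT,,10001,Example rule A,,EXAMPLE-SECRET-2,true,false,false
DEMO-3,ATTACHMENT,,,Example AI rule,0.35,EXAMPLE-SECRET-3,false,false,false
DEMO-4,COMMENT,,10002,Example AI rule,0.92,EXAMPLE-SECRET-4,false,false,false
"""

if __name__ == "__main__":
    counts, rows = triage(SAMPLE)
    for rule, n in counts.most_common():
        print(f"{rule}: {n} unreviewed")
    for r in rows:
        print(r["Work item key"], r["Location type"], r["Rule name"])
```

Because the lookup is by column name, the same function works whether or not the optional full-text columns are present in the export.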