Exporting Findings
Security for Jira allows users to export CSV files containing findings in the projects for which they have administration privileges or, if they have been granted explicit app access, viewing privileges. This can be done when viewing a project’s Security Analysis by clicking the Export Project dropdown at the top:
There are two options, both of which are in CSV format:
A Findings export contains information about all findings, including both reviewed and un-reviewed findings
A Reviewed False Positives export contains reviewed false positives, including who reviewed them and when they were reviewed. Reviewed false positives are scoped per-project and apply to all future and past findings in the project that match exactly.
You can also export findings for a particular project, or for all projects you can administer, using the REST API.
Exporting, both from the Security Analysis page and from the REST API, is an audited event.
Redacting findings in exported reports
If you want to keep the full text of findings from appearing in exported reports, you can disable the Include full finding text in exported reports setting in the plugin settings page:
Disabling this option will remove the Text column from CSV exports, and will add two URL columns:
A link to the issue (focusing on the comment if the finding is in a comment)
A link to the Security Analysis of the issue