By default, Security for Jira scans files attached to issues.
Most common document types are supported.
Any files which are 200MB or larger are skipped.
.gz) are not supported yet.
Supported File Types
Microsoft Word Documents
Microsoft Excel Spreadsheets
Microsoft Powerpoint Presentations
Microsoft OneNote Pages
Rich Text Documents
OpenOffice / LibreOffice Documents
OpenOffice / LibreOffice Spreadsheets
OpenOffice / LibreOffice Presentations
Plain text formats
Any extension not listed above is scanned as plain text. For example,
Enabling and Disabling Attachment Scanning
We recommend leaving attachment scanning enabled, for the best security coverage. Nevertheless, you can turn attachment scanning on or off by navigating to the settings page, and toggling the “Scan attachments” setting.
Exporting Information About Scanned Attachments
To get information about which attachments Security for Jira scanned, skipped, or failed to scan, you can export information about scanned attachments. These exports are CSV formatted with the following columns:
Scan status - will be one of the following:
Reason for not scanning - If the file is not scanned, then this will have a reason code:
Error message - an optional error message which may indicate why scanning the attachment failed.
From the Soteri Dashboard, you can export attachment scan information for all attachments in all projects you can view reports for:
From the Security Analysis page, you can export attachment scan information for a specific project:
You can also export this information using our REST API.