Why isn't Security for Jira finding my passwords?
Generic password detection is turned off: If you're trying to have Security for Jira detect a password like
password="my password"
, it won't because generic password detection is turned off by default. Please refer to the Enabling and Disabling Scanning Rules page in the Security for Jira documentation to learn how to enable generic password detection.Scanning is turned off: Security for Jira may not be scanning your instance if the specific rule is turned off or scanning has been turned off. Please refer to Automatically Scanning New and Updated Projects section in the Security for Jira documentation to learn how to enable scanning.
Using a fake key to test the application: Security for Jira uses entropy filters to determine whether a key is fake. If you are using a fake key instead of a real one, it will not be detected. Please ensure that you are using actual keys in your code for them to be detected.
Key is in a screenshot: If your key is in a screenshot, it won't be detected as Security for Jira doesn't support OCR scanning yet.
Lack of generic rules for certain patterns: Some users have been expecting generic rules for certain patterns that Security for Jira does not have generic rules for. You can see a list of rules that Security for Confluence uses for scanning in the Built-In Scanning Rules page in the Security for Jira documentation. You can learn how to define your own custom rules in the Defining Custom Detection Rules page.