Home Features Pricing Documentation Services Contact DOWNLOAD
← Back to docs

GitHub and Jira

Connect GitHub for deploy and PR signals, and mirror SiteCMD findings into GitHub Issues or Jira.

GitHub and Jira are two integrations in one category because they overlap. GitHub gives you both repository signals (deploys, workflow runs, open PRs) and an issue tracker. Jira is purely a destination for tickets. SiteCMD treats them as a pair: the source of deploy data plus the destination for findings.

Ticket mirroring (creating issues in GitHub Issues or Jira from SiteCMD findings) requires Core or above. The repository signals on the GitHub side are free.

GitHub

GitHub connects via OAuth using GitHub’s device authorization flow. SiteCMD doesn’t ship with an embedded client secret (desktop apps can’t keep one safe), so the device flow is the right pattern: you confirm the authorization in your browser, the desktop app polls for the resulting token.

Setup

  1. Settings → Integrations → GitHub, click Connect.
  2. SiteCMD shows a short device code and opens github.com/login/device in your browser.
  3. Sign in to GitHub if you aren’t already, paste the device code on that page, and authorize SiteCMD.
  4. GitHub shows the scopes being requested:
    • repo (read repository data, including private repos)
    • read:org (read organization membership so private-org repos resolve correctly)
  5. Approve. SiteCMD’s polling picks up the token within a few seconds.
  6. Back in SiteCMD, enter the repository this project corresponds to in owner/repo format (e.g. vercel/next.js).
  7. Click Save.

You can use a single GitHub connection across multiple SiteCMD projects, with a different repo per project. GitHub tokens issued through device flow don’t expire unless revoked, but SiteCMD tracks creation time so you know how stale the connection is.

What it pulls

  • Workflow runs. Recent CI runs (success, failure, in-progress) for the repo.
  • Deployments. Recent deploys, environments, statuses. Used for “this issue appeared right after deploy abc123” correlation.
  • Open PRs. Currently open pull requests, with status checks summarized.
  • Latest release. The newest release tag if the repo uses GitHub Releases.

Where it shows up

  • Dashboard → Deploys card. Recent deploys with timing.
  • Events timeline. Each deploy, workflow failure, and release becomes an event in the project’s unified timeline.
  • Issues page. On Core and above, a scan finding that appeared after a specific deploy gets correlated to that deploy directly.

Mirroring findings to GitHub Issues

On Core and above, SiteCMD can create a GitHub issue from any scan finding. From the issue detail view in SiteCMD, click Send to GitHub. SiteCMD creates an issue in your linked repo with:

  • The finding title as the issue title
  • Severity, confidence, and category as labels
  • The fix guide (if available) as the issue body
  • A link back to the issue in SiteCMD

When you close the GitHub issue, SiteCMD doesn’t auto-mark the finding fixed. The next scan does that, when it confirms the underlying check now passes. This keeps the source of truth in the scan, not in your ticket queue.

Jira

Jira connects via API token plus your Jira site URL.

Setup

  1. Sign in to Atlassian’s account page.
  2. Click Create API token. Name it something obvious like “SiteCMD”.
  3. Copy the token.
  4. In SiteCMD, Settings → Integrations → Jira, click Connect.
  5. Enter:
    • Your Jira site URL (e.g. https://your-company.atlassian.net)
    • The email for your Atlassian account
    • The API token you just copied
  6. Pick the default project in Jira where SiteCMD should create new issues.
  7. Click Save.

What Jira does (and doesn’t) do

Jira is a ticket destination, not a data source. SiteCMD doesn’t read your existing Jira tickets, doesn’t pull velocity data, doesn’t surface other team activity. The integration is one-way: SiteCMD → Jira.

Mirroring findings to Jira

On Core and above, from any issue detail view in SiteCMD, click Send to Jira. SiteCMD creates a Jira issue with:

  • The finding title as the summary
  • Severity mapped to Jira priority (critical → Highest, high → High, etc.)
  • Category as a label
  • The fix guide as the description
  • A link back to SiteCMD

The created issue lands in the Jira project you set as default. You can override the project at send time.

Same as GitHub: closing the Jira issue does not auto-mark the SiteCMD finding fixed. The next scan does, by confirming the underlying check passes.

Why ticket mirroring is opt-in per issue

We deliberately don’t auto-mirror every finding into your ticket queue. Scan findings get noisy, especially on the first scan of a real site. The default workflow is: triage in SiteCMD, push the ones you’ve decided to actually work on into your existing tracker, leave the rest in SiteCMD.

If you change your mind and want bulk export, the Reports section can dump filtered findings as a CSV that you can import into either tool.

Disconnecting

Disconnecting GitHub removes SiteCMD’s OAuth token from your keychain. You can also revoke from GitHub: Settings → Applications → Authorized OAuth Apps → SiteCMD → Revoke.

Disconnecting Jira removes the stored API token from your keychain. To revoke the token entirely, delete it from your Atlassian account’s API tokens page.

Privacy

All GitHub and Jira requests go from your machine to their APIs directly. No SiteCMD server in between. SiteCMD stores deploy and workflow events locally for correlation; it doesn’t mirror your repo contents, your PR diffs, or unrelated tickets.

Ticket creation sends the finding title, severity, category, and fix guide. It doesn’t send your scan history, your other findings, or anything about your other projects.