Documentation Index

Fetch the complete documentation index at: https://help.scrut.io/llms.txt

Use this file to discover all available pages before exploring further.

Set up a Scrut Monitor for Jira

Prev Next

In this guide, we walk you through the process of setting up Scrut Monitor to fetch a list of compliance issues from your Jira instance and attach them as automated evidence to evidence tasks.

Overview

This feature allows you to automatically fetch Jira issues as evidence in Scrut. You can set up Scrut Monitors to:

  • Run custom JQL queries on Jira at a set cadence (daily, weekly, monthly, etc.)

  • Automatically generate timestamped CSV/PDF files of issues

  • Attach these files as automated evidence to your Scrut evidence tasks

Prerequisites

How To Configure Scrut Monitor for Jira

Step 1: Access Evidence Tasks

  1. Sign in to Scrut and navigate to Compliance → Evidence Tasks using the left navigation panel.

  2. Click the All Evidences tab.

  3. Click on the evidence task for which you want to set up the Scrut Monitor to fetch Jira issues.

Step 2: Configure Scrut Monitor Workflow

  1. Click the Add/Upload Attachment button on the evidence details page.

  2. Click on the Scrut Monitor tab, and click the Configure button next to the Jira application.

  3. Enter a name for the Evidence and set the Evidence Type to “List of Issues.”

  4. The Filter By field is automatically set to JQL Query.

  5. From the Jira Site dropdown, select your preferred Jira workspace.

Step 3: Create and Validate Your JQL Query

Pro Tip!

Refer to Atlassian’s help documentation on how to perform advanced search with JQL query.

You can generate your preferred JQL query in Jira using one of these two methods:

  • With Atlassian Intelligence: Describe the work items you need in plain language, and AI will generate the JQL query for you.

  • With Basic Filters: Switch to the JQL view and enter your JQL query. A good starting point is to search for issues within a specific project. For example, to find all issues in a project with the key "PROJ," you would type:

    project = "PROJ"
  • As you type, Jira will provide auto-complete suggestions for fields, operators, and values, which can help you write your query correctly.

  • Add More Conditions: To narrow your search, you can add more clauses using logical operators like AND, OR, and NOT. For instance, to find all open bugs in "PROJ," you would add conditions for issue type and status:

    project = "PROJ" AND issuetype = "Bug" AND status = "Open"
    

    JQL is case-insensitive, so project and PROJECT will work the same.

  • Execute the Search: Once you have typed your query, click Enter to display the results.

Once you have the query in Jira, copy and paste it into the Query field in Scrut. Click Validate JQL to confirm if it works.

Step 4: Configure Cadence and Format

  1. Choose the Cadence (how often you want the Scrut Monitor to fetch the evidence from Jira). You can choose from: Once, Daily, Weekly, Monthly, or Yearly.

  2. Select the Evidence Type. Choose from PDF or CSV.

Step 5: Save the Workflow

  1. Select the Auto-publish evidence task checkbox to auto-publish the evidence task.

    Note: If left unselected, the task status will change to draft whenever the Scrut Monitor attaches new evidence, and you’ll need to publish it manually.

    Pro Tip!

    Leave it unchecked if you want to manually review the evidence before publishing.

  2. Click Save.

You can now see the Scrut Monitor attached to the evidence task.

What Happens Next?

Once you’ve configured the Scrut Monitor, it will automatically:

  • Run your JQL query on the scheduled cadence

  • Generate timestamped files (e.g., jira_issues_20252209.csv)

  • Attach the generated file to your evidence task

You can find the attached file in the Attachments section of the evidence details page. Click on it to open and view its contents.

The Automated Evidence tag indicates that the evidence type is automated, to distinguish from manual evidence.


FAQs

1: What’s included in the generated file attached as evidence?

The attachment file includes the following details:

  • Issue ID: Unique Jira identifier

  • Summary: Issue title/description

  • Assignee: Current person responsible

  • Status: Current workflow state

  • Jira Link: Direct link to the issue

  • Last Updated At: Last updated timestamp

2: Suggest a few best practices to maximize this feature.

Query Optimization

  • Be specific: Target only the issues relevant to your compliance needs

  • Start broad, then narrow: Begin with a wider query and refine based on results

  • Use date ranges: Include created >= -30d to focus on recent issues

  • Filter by labels: Use labels = "security-compliance" for tagged issues

Monitoring Tips

  • Regular review: Periodically check that your queries still capture relevant issues

  • Multiple monitors: Create separate monitors for different compliance areas

3: Share a few examples of when to use the Jira - Scrut Monitor.

Here are a few examples of when to use the Jira - Scrut Monitor to generate compliance proofs and attach them as evidence:

  • Incident Management – Show incidents are logged, tracked, and resolved in Jira.

  • Problem / RCA Tracking – Capture root cause analysis and corrective action tasks.

  • Change Management – Prove all changes are raised, reviewed, and approved.

  • Emergency Change Requests – Track urgent fixes with approvals.

  • User Onboarding / Offboarding – Show employees are provisioned and deprovisioned via Jira tickets.

  • Access Requests & Approvals – Evidence of access control workflows and approvals.

  • Vulnerability Management – Tickets for identified vulnerabilities and their remediation.

  • Risk Tracking – Risks logged and tracked as Jira issues.

  • Vendor Risk Management – Show due diligence and assessments via vendor-related Jira tickets.

  • BCP / DR Testing – Proof that business continuity or disaster recovery tests were executed.

  • Secure SDLC Activities – Tickets for security reviews, threat modeling, or secure code reviews.

  • Defect Tracking (Security Bugs) – Evidence that security-related bugs are identified and closed.

  • Asset Return (Exit Process) – Tickets confirming return of laptops, badges, and other assets on exit.