Nuclei can automatically create issues and export findings to various platforms through its reporting module. This enables seamless integration with your existing security workflows.
Supported integrations Nuclei supports two types of integrations:
Issue Trackers - Automatically create and manage issues:
GitHub Issues
GitLab Issues
Jira
Linear
Gitea
Data Exporters - Export scan results to:
Elasticsearch
Splunk
MongoDB
JSON/JSONL files
Markdown reports
SARIF format
Configuration file Create a reporting configuration file (e.g., reporting-config.yaml):
# GitHub Issues Integration github : - username : "your-username" owner : "org-name" token : "$GITHUB_TOKEN" project-name : "repository-name" issue-label : "security,nuclei" severity-as-label : true duplicate-issue-check : true # GitLab Issues Integration gitlab : - username : "your-username" token : "$GITLAB_TOKEN" project-name : "org/project" issue-label : "security" severity-as-label : true duplicate-issue-check : true # Jira Integration jira : - url : "https://company.atlassian.net" account-id : "account-id" email : "[email protected] " token : "$JIRA_API_TOKEN" project-key : "SEC" issue-type : "Bug" severity-as-label : true # Elasticsearch Export elasticsearch : - ip : "localhost" port : 9200 index : "nuclei-results" index-type : "_doc" # Optional authentication # username: "elastic" # password: "$ES_PASSWORD" # Splunk Export splunk : - host : "splunk.company.com" port : 8088 token : "$SPLUNK_TOKEN" index : "nuclei" source : "nuclei-scanner" source-type : "_json" # MongoDB Export mongodb : - connection-string : "$MONGO_URI" database : "security" collection : "nuclei-findings"
Using the configuration Run Nuclei with the reporting configuration:
nuclei -target example.com -rc reporting-config.yaml
GitHub integration Setup
Create a GitHub token
Go to GitHub Settings → Developer settings → Personal access tokens
Generate new token with repo scope
Save token as GITHUB_TOKEN environment variable
Configure reporting
github : - username : "john-doe" owner : "acme-corp" token : "$GITHUB_TOKEN" project-name : "security-findings" issue-label : "nuclei,vulnerability" severity-as-label : true duplicate-issue-check : true
Run scan
export GITHUB_TOKEN = "ghp_xxxxxxxxxxxx" nuclei -target example.com -rc github-config.yaml
Configuration options GitHub username for authentication
Repository owner (user or organization)
GitHub personal access token (use environment variable)
Repository name where issues will be created
Comma-separated labels to add to issues
Add severity (info, low, medium, high, critical) as label
Check for existing issues before creating new ones
Jira integration Setup
Get Jira credentials
Generate API token: Atlassian Account → Security → API tokens
Find your Account ID: Profile → Account Settings
Note your Jira project key
Configure Jira
jira : - url : "https://acme.atlassian.net" account-id : "557058:12345678-abcd-1234-abcd-123456789abc" email : "[email protected] " token : "$JIRA_API_TOKEN" project-key : "VULN" issue-type : "Security Bug" severity-as-label : true
Test integration
export JIRA_API_TOKEN = "your-api-token" nuclei -target example.com -rc jira-config.yaml
Custom fields Add custom Jira fields to issues:
jira : - # ... basic config ... custom-fields : customfield_10001 : "Security Team" customfield_10002 : "{{severity}}"
GitLab integration gitlab : - username : "security-bot" token : "$GITLAB_TOKEN" project-name : "group/project" issue-label : "security,automated" severity-as-label : true duplicate-issue-check : true
For GitLab self-hosted instances, add the base-url field with your GitLab URL.
Elasticsearch integration Basic configuration elasticsearch : - ip : "elasticsearch.company.com" port : 9200 index : "nuclei-{{date}}" index-type : "_doc"
With authentication elasticsearch : - ip : "elasticsearch.company.com" port : 9200 username : "elastic" password : "$ES_PASSWORD" ssl : true ssl-verification : true index : "security-findings"
Dynamic index names Use templates in index names:
index : "nuclei-{{date}}" # Creates: nuclei-2024-03-01 index : "nuclei-{{host}}" # Creates: nuclei-example.com
Splunk integration splunk : - host : "splunk.company.com" port : 8088 token : "$SPLUNK_HEC_TOKEN" index : "security" source : "nuclei" source-type : "_json" ssl : true ssl-verification : true
Use Splunk’s HTTP Event Collector (HEC) for best performance. Enable HEC in Splunk settings and generate a token.
MongoDB integration mongodb : - connection-string : "$MONGO_URI" database : "security" collection : "nuclei" # Optional: Update existing documents instead of inserting duplicates update : true
Connection string format:
mongodb://username:password@host:port/database mongodb+srv://username:[email protected] /database
Multiple integrations You can use multiple integrations simultaneously:
# Create GitHub issues AND export to Elasticsearch github : - username : "security-team" owner : "acme-corp" token : "$GITHUB_TOKEN" project-name : "vulnerabilities" severity-as-label : true elasticsearch : - ip : "localhost" port : 9200 index : "nuclei-{{date}}" splunk : - host : "splunk.acme.com" port : 8088 token : "$SPLUNK_TOKEN" index : "security"
Filtering findings Control which findings are reported:
github : - # ... config ... # Only create issues for high and critical severity severity-filter : - high - critical # Only specific templates template-filter : - "cves/" - "vulnerabilities/" # Exclude certain templates exclude-template : - "misconfiguration/"
Issue deduplication Nuclei includes built-in deduplication to avoid creating duplicate issues:
github : - # ... config ... duplicate-issue-check : true
Deduplication is based on:
Template ID
Target host
Matched value
Nuclei stores deduplication data in ~/.config/nuclei/reporting-db.json. This file persists across scans.
Workflow examples CI/CD security gates # Only create issues for high/critical findings jira : - url : "https://company.atlassian.net" token : "$JIRA_TOKEN" project-key : "SEC" issue-type : "Security Issue" severity-filter : - critical - high # Export all findings to Elasticsearch for analysis elasticsearch : - ip : "elastic.company.com" port : 9200 index : "ci-security-{{date}}"
Bug bounty automation # Track findings in Linear linear : - token : "$LINEAR_API_KEY" team-id : "TEAM-ID" project-id : "PROJECT-ID" severity-as-label : true # Export detailed results jsonl : - file : "findings-{{date}}.jsonl"
Troubleshooting
Check:
Token has correct permissions (e.g., repo for GitHub)
Project/repository exists and is accessible
Token is not expired
No rate limiting (check with -v flag)
Debug: nuclei -target example.com -rc config.yaml -v
Duplicate issues being created
Enable deduplication: duplicate-issue-check : true
Clear deduplication cache if needed: rm ~/.config/nuclei/reporting-db.json
Elasticsearch connection errors
Verify:
Elasticsearch is accessible: curl http://elastic:9200
Credentials are correct
SSL settings match your Elasticsearch config
Index pattern is valid
Test with: nuclei -target example.com -rc es-config.yaml -debug
Too many issues being created
Use filters: severity-filter : - critical - high template-filter : - "cves/"
Next steps
Authentication Set up authentication for secure integrations
Output options Learn about other output formats