Mapping Veracode Fields to Jira Fields

Ticketing Systems

The Veracode Integration for Jira and the Veracode Integration for Jira Cloud can map data from custom fields in the Veracode Platform to fields in Jira or Jira Cloud issues. The integration can also map values from the Veracode Detailed XML Report.

To improve the import of Veracode findings into your Jira or Jira Cloud issues, you can map Custom Field 1–Custom Field 10 in the Veracode Platform to standard or custom fields in Jira or Jira Cloud issues.

When importing findings to Jira or Jira Cloud, the integration imports the values from the mapped Veracode fields, including data from the Veracode Detailed XML Report (detailedreport.xml). The integration has specific requirements for data types in Veracode fields and field types in Jira and Jira Cloud.

After adding field mappings, during the findings import process, the integration:
  • Applies the mappings.
  • Updates the values in Jira or Jira Cloud fields with any changed values in Veracode fields.
  • Overrides any default values in Jira or Jira Cloud fields with the values in Veracode fields.
  • Logs a warning message (WARN) in the Jira or Jira Cloud logs for any invalid Veracode field value. The import process omits these values and continues, uninterrupted.

Veracode Platform Fields

The Veracode Platform provides these categories of default fields for Jira and Jira Cloud:
Common Fields
Information pertaining to a specific Veracode application and also applicable to static analysis and SCA findings
Static Fields
Details for static analysis, dynamic analysis, and manual penetration test scan results
SCA Components
Security findings details for SCA components
SCA Vulnerabilities
Security findings details for SCA vulnerabilities
This image shows the fields in the Veracode Platform that you can map to fields in Jira.


Jira Fields

The following table lists the standard fields in Jira and Jira Cloud that you can map to Veracode custom fields in the Veracode to Jira Field Mappings page.
Standard Field Details
Affected Version/s  
Assignee User assigned to the issue. The Veracode Integration for Jira uses these criteria when populating the Assignee field in Jira:
  • If the Assignee field is mapped to a Veracode custom field and the value is a valid username in Jira, the Assignee field value is that username. The custom field value must be a valid username in Jira and cannot be the user display name or full name.
  • If the Assignee field is mapped to a Veracode custom field, but the custom field value is blank or is not a valid username, the Assignee field value is Unassigned.
  • If neither the Assignee field nor the Component/s field are mapped to a Veracode custom field, the Assignee field value is the default assignee value of the Jira project.
  • If the Component/s field is mapped to a Veracode custom field, the Assignee field value is the default assignee value assigned to the component in Jira. If the Component/s field contains multiple components:
    1. The integration alphabetizes the components by name.
    2. The Assignee field value is the default assignee value from the first component value in the alphabetized list.
Component/s Comma-separated list of component values defined in custom fields in the Veracode Platform. Use the following format for each component:
<ComponentName>:<ComponentDescription>:<ComponentLeadName>:<DefaultAssigneeType>
For example:
ComponentA:ComponentAdesc: :0,ComponentB:ComponentBdesc:Carl:1
This example defines these components:
  • ComponentA has a description, no component lead (empty value), and uses the project default (0) for the assignee.
  • ComponentB has a description and uses Carl for both the component lead name and default assignee (1).

If you omit part of the string, enter a space after each colon for an omitted value. For example, if you only specify a component called comp1: comp1: : :

For the default assignee type, use these numeric values:
  • 0 (or empty) for Project Default
  • 1 for Component Lead
  • 2 for Project Lead
  • 3 for Unassigned
The numeric values correspond to the actual default assignee type values, such as Project Default or Component Lead, in Jira or Jira Cloud. See the Jira or Jira Cloud documentation.
Description Adds the finding (flaw) description value from the Veracode detailedreport.xml file and appends it to the existing description in the issue.

The Description (overwrite) option replaces the Description field in Jira or Jira Cloud with the value from the selected field in the Veracode Platform. If the selected field in the Veracode Platform is empty, the mapping erases the contents of the Description field in Jira or Jira Cloud.

Environment  
Fix Version/s  
Issue Type Issue type, such as story, bug, or epic. If there is no mapping for this field, the integration uses the issue type set in Jira or Jira Cloud.
Labels Comma-separated list of labels to add to the issue. These labels do not affect any existing labels. During import, the integration removes any spaces between labels and concatenates any strings.
Original Estimate Original estimate of the work required to resolve this issue. To map this field, you must have Time Tracking configured on the screen.
Reporter User designated as the reporter for an issue. If there is no mapping for this field, the integration uses the reporter specified in Jira or Jira Cloud.
Time Spent Time spent working on an issue. The value is based on the Time Tracking setting in Jira or Jira Cloud. You can set the default unit to Minute, Hour, Day, or Week. The integration converts the input long value to the default unit. To map this field, you must have Log Work configured in Jira or Jira Cloud.

Data Types and Field Types

The integration supports importing string, number, and date/time data types from Veracode fields to text, number, and date/time field types in Jira or Jira Cloud. On the Veracode to Jira Field Mappings page, when you select a Veracode field or Jira field, you see the supported data type or field type below your selection.


When adding a custom field in Jira or Jira Cloud, you select a field type. The integration supports these field types only:




  • Date Time Picker: if the value from the Veracode Platform is in a custom field, which uses free-form text, the value must be in this format: dd/MMM/yy HH:mm. For example, 14/Jan/20 11:52
  • Number Field: if the value from the Veracode Platform is in a custom field, which uses free-form text, the value must be an integer or decimal.
  • Select List (single choice): Veracode Integration for Jira only. The Veracode Integration for Jira Cloud does not support this field type.
  • Text Field (multi-line)
  • Text Field (single line)
If you select an unsupported field type, Jira and Jira Cloud accept it without error, but you cannot select it from the Veracode Platform dropdown menu on the Veracode to Jira Field Mappings page. For text fields only, the integration imports any Veracode field values of -1 with square brackets. For example, [-1]. All other negative values import to text fields without square brackets.