The Veracode Integration for Jira and the Veracode Integration for Jira Cloud can map data from custom fields in the Veracode Platform to fields in Jira or Jira Cloud issues. The integration can also map values from the Veracode Detailed XML Report.
To improve the import of Veracode findings into your Jira or Jira Cloud issues, you can map Custom Field 1–Custom Field 10 in the Veracode Platform to standard or custom fields in Jira or Jira Cloud issues.
When importing findings to Jira or Jira Cloud, the integration imports the values from the mapped Veracode fields, including data from the Veracode Detailed XML Report (detailedreport.xml). The integration has specific requirements for data types in Veracode fields and field types in Jira and Jira Cloud.
- Applies the mappings.
- Updates the values in Jira or Jira Cloud fields with any changed values in Veracode fields.
- Overrides any default values in Jira or Jira Cloud fields with the values in Veracode fields.
- Logs a warning message (WARN) in the Jira or Jira Cloud logs for any invalid Veracode field value. The import process omits these values and continues, uninterrupted.
Veracode Platform Fields
- Common Fields: Information pertaining to a specific Veracode application and also applicable to static analysis and SCA findings
- Static Fields: Details for static analysis, dynamic analysis, and manual penetration test scan results
- SCA Components: Security findings details for SCA components
- SCA Vulnerabilities: Security findings details for SCA vulnerabilities
|Assignee||User assigned to the issue. The Veracode Integration for Jira uses these criteria when populating the Assignee field in Jira:|
|Component/s||Comma-separated list of component values defined in custom fields in the Veracode Platform. Use the following format for each
ComponentA:ComponentAdesc: :0,ComponentB:ComponentBdesc:Carl:1
This example defines these components:
If you omit part of the string, enter a space after each colon for an omitted value. For example, if you only specify a component called comp1: comp1: : :
For the default assignee type, use these numeric values:
|Description||Adds the finding (flaw) description value from the Veracode detailedreport.xml file and appends it to the existing description in the issue. The Description (overwrite) option replaces the Description field in Jira or Jira Cloud with the value from the selected field in the Veracode Platform. If the selected field in the Veracode Platform is empty, the mapping erases the contents of the Description field in Jira or Jira Cloud.|
|Issue Type||Issue type, such as story, bug, or epic. If there is no mapping for this field, the integration uses the issue type set in Jira or Jira Cloud.|
|Labels||Comma-separated list of labels to add to the issue. These labels do not affect any existing labels. During import, the integration removes any spaces between labels and concatenates any strings.|
|Original Estimate||Original estimate of the work required to resolve this issue. To map this field, you must have Time Tracking configured on the screen.|
|Reporter||User designated as the reporter for an issue. If there is no mapping for this field, the integration uses the reporter specified in Jira or Jira Cloud.|
|Time Spent||Time spent working on an issue. The value is based on the Time Tracking setting in Jira or Jira Cloud. You can set the default unit to Minute, Hour, Day, or Week. The integration converts the input long value to the default unit. To map this field, you must have Log Work configured in Jira or Jira Cloud.|
Data Types and Field Types
- Date Time Picker: if the value from the Veracode Platform is in a custom field, which uses free-form text, the value must be in this format: dd/MMM/yy HH:mm. For example, 14/Jan/20 11:52
- Number Field: if the value from the Veracode Platform is in a custom field, which uses free-form text, the value must be an integer or decimal.
- Select List (single choice): Veracode Integration for Jira only. The Veracode Integration for Jira Cloud does not support this field type.
- Text Field (multi-line)
- Text Field (single line)
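
Because the import only logs a WARN and omits an invalid value, it can help to check custom field values before they reach Jira. The following pre-import check covers the Component/s string and the Date Time Picker and Number Field requirements described above; it is an added example, not part of the Veracode documentation or the integration's code. The function names, the four-part reading of the Component/s string, and every sample value other than the two component strings and the date quoted on this page are assumptions.

```python
import re
from datetime import datetime

DATE_FORMAT = "%d/%b/%y %H:%M"            # Python form of dd/MMM/yy HH:mm
NUMBER_RE = re.compile(r"-?\d+(\.\d+)?")  # integer or decimal; allowing a sign is an assumption

def check_date(value):
    """Return a list of problems for a Date Time Picker value."""
    try:
        datetime.strptime(value.strip(), DATE_FORMAT)
        return []
    except ValueError:
        return [f"date {value!r} is not in dd/MMM/yy HH:mm format"]

def check_number(value):
    """Return a list of problems for a Number Field value."""
    if NUMBER_RE.fullmatch(value.strip()):
        return []
    return [f"number {value!r} is not an integer or decimal"]

def check_components(value):
    """Check a Component/s string: comma-separated entries of four colon-separated parts."""
    problems = []
    for entry in value.split(","):
        parts = entry.split(":")
        if len(parts) != 4:
            problems.append(f"{entry!r}: expected 4 colon-separated parts, got {len(parts)}")
            continue
        if not parts[0].strip():
            problems.append(f"{entry!r}: component name is empty")
        if "" in parts[1:3]:
            problems.append(f"{entry!r}: omitted value needs a space after the colon")
        if parts[3].strip() and not parts[3].strip().isdigit():
            problems.append(f"{entry!r}: default assignee type must be numeric")
    return problems

# Constructed sample input; the first two component strings and the first date are the page's own examples.
SAMPLES = [
    (check_components, "ComponentA:ComponentAdesc: :0,ComponentB:ComponentBdesc:Carl:1"),
    (check_components, "comp1: : :"),
    (check_components, "comp2::Carl:high"),
    (check_date, "14/Jan/20 11:52"),
    (check_date, "2020-01-14 11:52"),
    (check_number, "7.5"),
    (check_number, "seven"),
]

def audit(samples=SAMPLES):
    """Return (value, problems) for every sample value that fails its check."""
    return [(value, problems) for check, value in samples if (problems := check(value))]

if __name__ == "__main__":
    for value, problems in audit():
        print("WARN", repr(value), "->", "; ".join(problems))
```

The date check relies on English month abbreviations, so run it under a C or English locale.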