Configure Veracode Import Results Settings

The Veracode Integration for Jira allows you to configure how security findings from Veracode scans are imported into Jira.

About this task

To configure your import results settings:

Procedure

  1. Go to Administration > Add-ons > Veracode Integration\Findings Import.
  2. In the Import section, select all of the types of findings to import into Jira.
    Note: If you do not select Sandbox static findings or Sandbox SCA findings, steps 6 and 7 are disabled.
  3. In the Filter Import By section, select which findings you want to import from the following criteria:
    All findings
    From all scans, including closed findings
    Only findings from the most recent scan
    All open findings that were found in the most recent scan
    All unmitigated findings
    From all scans, including closed findings
    Only findings from the most recent scan
    All open findings that were found in the most recent scan
    All findings that affect policy
    All open findings from all scans that affect policy
    During each import, the integration checks previously imported findings to determine whether it can close them. For example, if you select the import criterion "Only findings from the most recent scan" and the most recent scan shows that a finding was fixed, the integration closes the Jira issue for that finding.
  4. From the Import Static and Dynamic Findings As dropdown menu, select the issue type (for example, bug, task, improvement, or new feature) to apply to the ticket created for each imported static and dynamic finding.
    Note: For SCA findings, the integration imports components as stories and imports vulnerabilities for those components as subtasks of the related stories.
  5. In the Import Issues Into section, select the Jira project into which you want to import the security findings or select the Veracode custom field that maps to the appropriate Jira project.
    Veracode custom fields are configured in the Veracode Platform on the Metadata page of the application.
    Note: You cannot enter custom metadata for sandbox scans of the application using the Veracode Platform. If you want to provide custom metadata for sandbox scans, use the updatesandbox API.
  6. In the Add Values To Issues section, select the labels you want to add to the tickets for each imported finding, including a string that you can enter, and indicate whether or not to assign the ticket to the next fix version scheduled for your Jira project.
  7. In the Import Sandbox Issues Into section, select the Jira project into which you want to import your sandbox findings or select the Veracode custom field that maps to the appropriate Jira project.
  8. In the Add Values to Sandbox Issues section, select the labels you want to add to the tickets for each imported sandbox finding, including a string that you can enter, and indicate whether or not to assign the ticket to the next fix version scheduled for your Jira project.
  9. In the Automated Issue Management section, select whether you want to automatically close findings mitigated in the Veracode Platform or manually update the status of mitigated findings.
  10. In the JIRA User field, enter the Jira username of the person who can create and modify the issues. This user account must have the necessary permissions for all Jira projects that the integration imports findings into.
  11. Click Test JIRA User to verify the user account.
  12. Click Save to save your configurations.