Configure Findings Import

Ticketing Systems

About this task

To configure the Veracode Integration for Jira Cloud settings for importing Jira findings:

Procedure

  1. Go to Jira settings > Apps > Veracode Integration > Findings Import.
  2. In the Import section, select the type of findings to be imported.
  3. In the Filter Import By section, from the following criteria, select which findings you want to import:
    • All findings: From all scans, including closed findings
    • Only findings from the most recent scan: All open findings that were found in the most recent scan
    • All unmitigated findings: From all scans, including closed findings
    • Only unmitigated findings from most recent scan: All open, unmitigated findings from most recent scan
    • All findings that affect policy: All open findings from all scans that affect policy
    • All unmitigated findings that affect policy: All unmitigated, open findings from all scans that affect policy

    Veracode recommends that you set the Filter Import By setting to either:
    • Only unmitigated findings from most recent scan
    • All unmitigated findings that affect policy

    During each import, the integration checks previously imported findings to verify if it can close the findings. For example, if you select the import selection criteria Only findings from the most recent scan and the most recent scan resulted in a flaw that was fixed or mitigated, the integration closes the Jira issue for this particular flaw.

  4. In the Import Static and Dynamic Findings As field, select the issue type, for example, bug, task, epic, or story.
  5. In the Import Issues Into section, from the dropdown menu, select the Veracode custom field name that contains the name of the Jira project.

    The custom metadata field is located in the Veracode Platform on the Metadata page of the application.

    The second option, Use the value found in the Veracode custom field, only imports findings for one specific project that you have entered in the custom metadata field.

    Note: You cannot enter custom metadata for sandbox scans of the application using the Veracode Platform. If you want to provide custom metadata for sandbox scans, use the updatesandbox API.
  6. In the Add Values to Issues section, select the labels you want to add to the tickets for each imported finding, including a custom string you can enter, and indicate whether or not to assign the ticket to the next fix version scheduled for your Jira project.

    You can assign findings to the next fix version of your software build, add a custom label to help you triage or sort your findings, and add a label that is the CWE corresponding to the kind of finding it is.

  7. If you selected the Sandbox findings in Step 2, select your preferences in the Import Sandbox Issues Into and Add Values to Sandbox Issues fields.
  8. In the JIRA User field, enter the Jira username of the person who can create and modify the issues.

    This user account must have the necessary permissions for all Jira projects that the integration imports findings into.

  9. To verify the user account, click Test JIRA User.
  10. Click Save.
  11. If prompted by Jira, perform a re-index. However, Veracode does not recommend re-indexing when not required.

Results

The Import Settings section reports any errors detected in your configuration. If there are no errors, the configuration is complete for importing Jira findings using the Veracode Integration for Jira Cloud.
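To compare the Filter Import By options from step 3 before choosing one, the following added example (not Veracode's code) models each option as a predicate taken from its description on this page and runs it over constructed findings. The `Finding` fields, the sample data, and the `closable` check (which applies the fixed-or-mitigated example from step 3) are assumptions made for illustration.

```python
# Added illustration: models the "Filter Import By" options from step 3.
# Field names and sample findings are constructed; this is not Veracode's code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    flaw_id: int
    in_latest_scan: bool   # reported by the most recent scan
    is_open: bool          # False once the flaw is fixed (closed)
    mitigated: bool        # marked as mitigated
    affects_policy: bool

# Each option mapped to the description the page gives for it.
FILTERS = {
    "All findings": lambda f: True,
    "Only findings from the most recent scan":
        lambda f: f.is_open and f.in_latest_scan,
    "All unmitigated findings": lambda f: not f.mitigated,
    "Only unmitigated findings from most recent scan":
        lambda f: f.is_open and not f.mitigated and f.in_latest_scan,
    "All findings that affect policy":
        lambda f: f.is_open and f.affects_policy,
    "All unmitigated findings that affect policy":
        lambda f: f.is_open and not f.mitigated and f.affects_policy,
}

def select(option, findings):
    """Flaw IDs that the given option would import as Jira issues."""
    return sorted(f.flaw_id for f in findings if FILTERS[option](f))

def closable(previously_imported, findings):
    """Assumed close check, following the page's example: an already
    imported flaw that is now fixed or mitigated gets its issue closed."""
    return sorted(f.flaw_id for f in findings
                  if f.flaw_id in previously_imported
                  and (not f.is_open or f.mitigated))

# Constructed sample findings.
SAMPLE = [
    Finding(1, True,  True,  False, True),   # open, unmitigated, policy
    Finding(2, True,  True,  True,  True),   # open, mitigated, policy
    Finding(3, False, False, False, True),   # fixed in an earlier scan
    Finding(4, True,  True,  False, False),  # open, does not affect policy
    Finding(5, False, True,  False, True),   # open, only seen in older scan
]

if __name__ == "__main__":
    for name in FILTERS:
        print(f"{name}: {select(name, SAMPLE)}")
    print("closable:", closable({1, 2, 3}, SAMPLE))
```

On this sample, the two recommended options import different sets: the most-recent-scan option includes the open finding that does not affect policy, while the policy option includes the open policy finding that only an earlier scan reported.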