Making the Mitigations Field Read-Only

Veracode recommends that you do not allow the Jira users in your organization to edit the Mitigations field of the security finding tickets.

Use this procedure to change the Mitigations field to read-only access:
  1. If you are using Jira 6.3 or later, install Script Runner 3.0.4 or later from the Atlassian Marketplace at https://marketplace.atlassian.com/plugins/com.onresolve.jira.groovy.groovyrunner. If you are using Jira 6.2, download the .jar file from https://marketplace.atlassian.com/plugins/com.onresolve.jira.groovy.groovyrunner/versions and install it manually by going to Administration > Add-ons > Manage add-ons and clicking Upload add-on.

    After the plugin installs:

  2. Go to Administration > Add-ons and, in the left menu, click Behaviours.
  3. In the Add Behaviour section, in the Name field, enter "Make Mitigation Status and Comments read-only" and click Add.
  4. Click Add Mapping for the new behavior you just created.
  5. In Choose Projects, select All and then select Add Mapping.
  6. Click Fields for the behavior, and then click Enable.
  7. In the Add Field section, select Mitigation Status and Comments and click Add.
  8. For the Writeable field, select Readonly.