Adding Project and Configuration Settings

Ticketing Systems

You must add default project and flaw collection settings to your Veracode TFS project configuration.

The Veracode TFS Flaw Synchronizer is compatible with Team Foundation Server 2012 and 2013. To use the Veracode TFS Flaw Synchronizer, you must configure the security and flaw import settings.

To configure security for the flaw synchronizer, add the Windows user account that the flaw synchronizer will use to connect to the TFS server to the Team Foundation Service Accounts TFS group by running a command similar to the following:

TFSSecurity /g+ "Team Foundation Service Accounts" [domain]\[username] /server:https://[hostname]:[port]/tfs

TFSSecurity.exe is located in the Visual Studio installation directory. For example, for Visual Studio 2012 the file is in the following directory: C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE.

To configure the Veracode TFS Flaw Synchronizer flaw import settings:

  1. Go to Start > All Programs > Veracode TFS Synchronizer.
  2. Enter the TFS web access URL that you use to access the TFS site from a browser. For example, https://[hostname]:[port]/tfs.
  3. Enter the TFS username and password of the Windows user account that the Veracode TFS Flaw Synchronizer uses to connect to the TFS server.
  4. Enter the custom field for the TFS team project collection. This field is the custom field in the Veracode application profile that references the name of the TFS team project collection into which the flaws are imported. The name of the custom field can be Custom 1, Custom 2, Custom 3, Custom 4, or Custom 5.
  5. Enter the custom field for the TFS team project. This field is the custom field in the Veracode application profile that references the name of the TFS team project into which the flaws are imported. The name of the custom field can be Custom 1, Custom 2, Custom 3, Custom 4, or Custom 5.
  6. Enter your Veracode Platform username and password or API ID and key credentials for the user account that the Veracode TFS flaw synchronizer uses to connect to the Veracode Platform.
  7. Specify if all flaws should be imported by entering Yes or No.
  8. Enter a work item label, if necessary.
  9. Specify the flaw import option by entering one of the following:
    • 1 : All Flaw Imports
    • 2 : All Flaws Affecting the Policy Import
    • 3 : All Unmitigated Flaws Imports
    • 4 : All Unmitigated Flaws Affecting the Policy Import


  10. Specify if the Veracode TFS Flaw Synchronizer is to import flaws on a scheduled basis by entering Yes or No.
  11. To specify the flaw import schedule, enter one of the following:
    • 1 : Hourly
    • 2 : Weekly
    • 3 : Daily
  12. Choose one of the following save options:
    • 1 : Save your settings and start the import.
    • 2 : Save your settings and exit the TFS flaw synchronizer

You can verify the scheduled import process by running the TFS flaw synchronizer command line tool.

After the TFS flaw synchronizer has imported flaws, you can view the work items it created by logging into TFS and going to Menu > Work Items.