Mapping Custom Fields in Jira Cloud

Ticketing Systems

The Veracode Integration for Jira Cloud can map custom fields in the application profile in the Veracode Platform to standard or custom fields in a Jira ticket.

To improve the import of flaws that Veracode finds into your Jira bug tickets, you can map the standard or custom Jira fields to fields in the Veracode Platform. The mappings do not affect any ongoing flaw synchronization processes. The Veracode Integration for Jira Cloud collects custom field values when the plugin processes detailedreport.xml.
Note: The mapping fails if the Jira field you attempt to map is not configured on an associated screen, as configured in the Custom Fields section of the Veracode Integration for Jira Cloud .

When you map custom fields to Jira fields, the process overrides any default values in the Jira issue. If the values in the custom fields are invalid, the default Jira value or an empty value takes its place and the flaw import process continues, uninterrupted.

The following table lists the standard Jira fields you can map to the Veracode custom fields.

Standard Jira Field Notes
Affected Versions  
Assignee If you create a mapping for Assignee but do not provide a value in the appropriate Veracode custom field, the integration uses the project assignee defined on the main configuration page.

The plugin validates this value against component values defined in the main configuration page. Use the following format:


For example, comp1:my_component:Mary:0

If you omit a part, enter a space after the colon. For example, comp1: : : . For the default assignee, which is 0 in the first example above, you enter one of these numeric values:
  • 0 (or empty)—Project Default
  • 1—Component Lead
  • 2—Project Lead
  • 3—Unassigned
The numeric values correspond to the actual default assignee options, such as Project Default or Component Lead, in Jira. See the Jira product documentation.
Description A value appended to the description value from the detailed report.

The Description (overwrite) option replaces the Description field in Jira with the value from the selected Veracode Platform field. If the selected Veracode Platform field is empty, the mapping erases the contents of the Description field in Jira.

Fix Version  
Issue Type If there is no mapping for this field, the plugin uses the reporter defined on the main configuration page.
Labels Separate the labels with commas. The plugin removes any spaces between labels and concatenates any strings. The plugin adds the labels to any labels, such as CWE, that are specified with the Labels settings on the Veracode Integration Custom fields page.
Original Estimate The original estimate of the work required to resolve this issue. To map this field, you must have Time Tracking configured on the screen.
Reporter If there is no mapping for this field, the plugin uses the reporter defined on the main configuration page.
Time Spent This value is calculated based on the Time Tracking setting in Jira. You can set the default unit to Minute, Hour, Day, or Week, and the input long value is converted to the default unit. To map this field, you must have Log Work configured on the main configuration page.

You can also map any custom field name from Jira but they must be string values.

If you want to map Jira custom fields to Veracode Platform fields, the only field definitions that are allowed on the Custom Field page are Select List (single choice) or Text Field (single line). If you select any other field, Jira Cloud accepts it and does not indicate an error. However, you cannot use this field to map a Veracode Platform field, and it is not included in the dropdown list of fields on the Veracode Integration Field Mapping page.

The Veracode Platform categories of default Jira fields are as follows:

Common Fields
Information pertaining to a specific Veracode application and also applicable to static analysis and SCA findings
Static Fields
Details for static analysis, dynamic analysis, and manual penetration test scan results
SCA Components
Security findings details for SCA components
SCA Vulnerabilities
Security findings details for SCA vulnerabilities
The Veracode Platform Jira fields also include the following custom fields:
  • Custom 1 – Custom 10

The following image shows the Veracode Platform Jira fields.