Configuration File Customization

Ticketing Systems

This table details the elements in the veracode2agilecentral_config.xml file that you can configure to get the most value out of the Veracode Integration for CA Agile Central.

Tag Name Description Notes
<mapping>
<veracodeappname> Optional. Name of the application in Veracode.  
<veracodeappid> Required. Application ID of the application in Veracode.  
<agilecentralprojectname> Optional. Project name in CA Agile Central.  
<agilecentralprojectid> Required. Project ID in CA Agile Central.  
<flawimportfilter> Required. The filter applied on the Veracode flaw report for the application. It is applied to mitigation action and policy compliance. The following are the case-sensitive, valid <flawimportfilter> values:
  • unmitigated flaws affecting policy
  • flaws affecting policy
  • all unmitigated flaws
  • all flaws
<flawseveritylevels> Optional. Severity levels of the flaws in Veracode.  
<batchsize> Optional. Maximum number of new defects to be created in CA Agile Central for each run of the integration service. If no <batchsize> is provided, the integration does not apply a limit to the number of defects created.
<veracode>
<api_id> Required. API ID corresponding to the application defined in the <mapping> node.  
<api_key> Required. API key corresponding to the application defined in the <mapping> node.  
<inprogressscan> Optional. Determines whether or not the integration imports flaws from scans that are in progress. Default value is false. If this parameter is set to true, the integration imports the scan data for all scans for each application that has unpublished reports.
<flawreportsince> Optional. The maximum amount of time in the past (in years) that the integration searches when importing the latest flaw report. Default value is -2. Negative numbers indicate past years. The integration only includes scan data for applications with reports that have changed within the specified time frame.
<toolname> Optional. This value maps to the Environment dropdown menu on CA Agile Central defects. Do NOT change or delete these values or their child values.
<remediation_status> Required. List of possible remediation statuses for flaws found in Veracode scans.
<mitigation_status> Required. List of possible mitigation statuses for flaws found in Veracode scans.
<mitigation_action> Required. List of possible mitigation actions for flaws found in Veracode scans.
<agilecentral>
<url> Required. CA Agile Central subscription URL.  
<api_key> Required. API key used to connect to CA Agile Central. API key should have access to the entire workspace under which the CA Agile Central project exists.
<name> Required. This value maps to the Name field in defects in CA Agile Central.  
<description> Optional. This value maps to the Description field in defects in CA Agile Central.  
<foundinbuild> Optional. This value maps to the Found in Build field in defects in CA Agile Central.  
<fixedinbuild> Optional. This value maps to the Fixed in Build field in defects in CA Agile Central.  
<environment> Optional. This value maps to the Environment field in defects in CA Agile Central.  
<state_field name="state> Optional. The following child tags values map to the dropdown values in the Defect State field in defects in CA Agile Central:
  • <submitted>Submitted</submitted>
  • <triage>Triage</triage>
  • <open>Open</open>
  • <fixed>Fixed</fixed>
  • <closed>Closed</closed>
To change a Defect State mapping, change the value within the child tags, not the tags themselves. For example, if the fixed state of a defect maps to a value of fix in a particular CA Agile Central subscription,change the tag value accordingly to <fixed>fix<fixed>.
<severity_field name="severity"> Optional. The following child tags values map to the dropdown values in the Severity field in defects in CA Agile Central:
  • <catastrophic>1 - Catastrophic</catastrophic>
  • <severe>2 - Severe</severe>
  • <noncritical>3 - Non - Critical</noncritical>
  • <minor>4 - Minor</minor>
  • <enhancement>f - Enhancement</enhancement>
  • <none>None</none>
To change a Severity mapping, change the value within the child tags, not the tags themselves. For example, if a minor severity defect maps to a value of 5- Enhancement in a particular CA Agile Central subscription, change the tag value accordingly to <minor>5- Enhancement</minor>.
<priority_field name="priority"> Optional. The following child tags values map to the dropdown values in the Priority field in defects in CA Agile Central:
  • <immediate>1 - Resolve Immediately</immediate>
  • <high>2 - High Attention</high>
  • <normal>3 - Normal</normal>
  • <low>4 - Low</low>
  • <none>None</none>
To change a Priority mapping, change the value within the child tags, not the tags themselves. For example, if a normal priority defect maps to a value 4- Low in a particular CA Agile Central subscription, change the tag value accordingly to <normal>4- Low</normal>.
<resolution_field name="resolution"> Optional. The following child tags values map to the dropdown values in the Resolution field in defects in CA Agile Central:
  • <none>None</none>
  • <codechange>Code Change</codechange>
  • <willnotfix>Will not Fix</willnotfix>
  • <fixed>Fixed</fixed>
  • <notadefect>Not a Defect</notadefect>
  • <worksasdesigned>Works As Designed</worksasdesigned>
  • <falsepositive>False Positive</falsepositive>
To change a Resolution mapping, change the value within the child tags, not the tags themselves. For example, if a fixed defect maps to a value Will Not Fix in a particular CA Agile Central subscription,change the tag value accordingly to <fixed>Will Not Fix<fixed>.
<customfield>
<unique_id> Required. Custom field in CA Agile Central defects that can store the unique VeracodeToAgileCentralId of the flaw. Every flaw is given a Unique ID when it is integrated as a defect in Agile Central. This field is required to avoid duplicate defect creation when Integration runs multiple times.
<mitigation_action> Optional. Custom field in CA Agile Central defects where you can provide the mitigation action.  
<mitigation_comment> Optional. Custom field in CA Agile Central defects where you can provide the mitigation comment. An existing defect in CA Agile Central is copied over to the corresponding Veracode flaw. This field is cleared in after it is copied over to a flaw in Veracode.
<mitigation_history> Optional. Custom field in CA Agile Central defects where you can copy the mitigation history.  
<producthierarchyid> Optional. Custom field in CA Agile Central defects where you can copy the product hierarchy ID from the Veracode flaw report.