Understanding the Finding Life Cycle

Ticketing Systems

The Veracode Integration for Jira maintains the status of the Jira issue for each finding that it imports into Jira. The status is based on the configuration settings on the Administration page. The integration sometimes changes the status of a Jira issue and, when it does, adds a comment to the issue describing the reason for the action.

The integration considers each issue to be in one of the following three status types:
  • Resolved: Considered to be done but not verified or closed. The Jira status names are Resolved or In Review.
  • Closed: Someone has verified the issue. The Jira status names are Closed, Done, or Complete.
  • Open: Every other status.

If an issue is not resolved, the integration tries to transition it to Resolve, Resolve Issue, Complete Work, Close Issue, or Done. If someone reopens an issue, the integration tries to transition the status to Reopen, Reopen Issue, To Do, Queued for Action, Restart Progress, Start Progress, or Start Review.

In addition, the integration tries to change the status of issues in the following situations:

  • When a previously imported finding is not found in a new scan, and the corresponding issue is not Resolved or Closed, the integration resolves the issue as Cannot Reproduce.
  • When the finding still exists but the integration configuration indicates the finding should not be imported, you should resolve the issue as Won't Fix.
  • When the finding still exists and the integration configuration says the finding should be imported, but the Jira issue is Resolved or Closed, you should reopen the issue.

You can change issue status by searching for and executing status transitions for the project of the issue. For each transition there is a list of transition names. You resolve an issue by selecting the Jira transition that matches one of the names on the list. The list is ordered, transitions are searched in the order shown, and the first allowed transition is used. It is better to transition to an imperfect status than to not change an issue.

The reopen transitions comprise:
  • Reopen
  • Reopen Issue
  • Open
  • To Do
  • Queued for Action
  • Restart Progress
  • Start Progress
  • Start Review

The resolve transitions comprise:
  • Resolve
  • Resolve Issue
  • Complete Work
  • Close
  • Close Issue
  • Done
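
The selection rule and the three situations described above can be sketched as follows; this is an added example, not Veracode's code. The function names, the case-insensitive name matching, and the guard that skips the Won't Fix case for issues that are already Resolved or Closed are assumptions.

```python
# Added illustration; not Veracode's code. Names and matching rules are assumptions.
RESOLVED_NAMES = {"resolved", "in review"}
CLOSED_NAMES = {"closed", "done", "complete"}

# Ordered transition-name lists from this page; earlier names win.
REOPEN_TRANSITIONS = ["Reopen", "Reopen Issue", "Open", "To Do", "Queued for Action",
                      "Restart Progress", "Start Progress", "Start Review"]
RESOLVE_TRANSITIONS = ["Resolve", "Resolve Issue", "Complete Work", "Close",
                       "Close Issue", "Done"]


def status_type(jira_status):
    """Map a Jira status name to Resolved, Closed or Open (every other status)."""
    name = jira_status.strip().lower()
    if name in RESOLVED_NAMES:
        return "Resolved"
    if name in CLOSED_NAMES:
        return "Closed"
    return "Open"


def pick_transition(ordered_names, allowed):
    """Return the first name in the ordered list that the workflow allows, else None."""
    allowed_by_key = {a.strip().lower(): a for a in allowed}
    for name in ordered_names:
        if name.lower() in allowed_by_key:
            return allowed_by_key[name.lower()]
    return None


def plan_status_change(found_in_scan, should_import, jira_status, allowed):
    """Return (action, resolution, transition) for one imported finding, or None."""
    done = status_type(jira_status) in ("Resolved", "Closed")
    if not found_in_scan and not done:
        wanted, resolution = RESOLVE_TRANSITIONS, "Cannot Reproduce"
    elif found_in_scan and not should_import and not done:  # 'not done' is assumed
        wanted, resolution = RESOLVE_TRANSITIONS, "Won't Fix"
    elif found_in_scan and should_import and done:
        wanted, resolution = REOPEN_TRANSITIONS, None
    else:
        return None  # status already agrees with the scan and configuration
    action = "reopen" if wanted is REOPEN_TRANSITIONS else "resolve"
    return action, resolution, pick_transition(wanted, allowed)


# Constructed sample: a workflow that offers no "Resolve" transition, only "Done".
SAMPLE_ALLOWED = ["Start Progress", "Done"]
```

A returned transition of None means the workflow allows none of the listed names from the issue's current status, so a workflow with custom transition names leaves the issue status unchanged.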