Mapping Custom Fields in Jira

Ticketing Systems

The Veracode Integration for Jira can map custom fields in the application profile in the Veracode Platform to standard or custom fields in a Jira ticket.

To improve the import of Veracode findings into your Jira bug tickets, you can map the standard or custom Jira fields to Veracode-supplied fields in the Veracode Platform. Mapping configuration changes do not affect the synchronization processing of any ongoing findings.
Note: Custom field mappings (Custom 1 to Custom 10) do not support SCA findings.

When you map Veracode-supplied fields to Jira fields, the process overrides any default values in the Jira issue. If the values in the Veracode fields are invalid, the default Jira value or an empty value takes its place and the finding import process continues, uninterrupted.

The following table lists the standard Jira fields you can map to the Veracode custom fields.

Standard Jira Field Notes
Affected Versions  
Assignee If you create a mapping for Assignee, but do not provide a value in the appropriate Veracode custom field, the plugin uses the project assignee defined on the Jira configuration page.
Component

The plugin validates this value against component values defined on the Jira configuration page. Use the following format:

<compName1>:<compDesc1>:<compLeadName1>:<assigneeType_ID>,<compName2>:<compDesc2>:<compLeadName2>:<assigneeType_ID>

For example, subproject1:group1a:joeB:2.

Description A value appended to the description value from the detailed report.
Environment  
Fix Version  
Issue Type If there is no mapping for this field, the plugin uses the issue type set in the on the Jira configuration page.
Labels Separate the labels by commas. The plugin removes any spaces between labels and concatenates any strings. These labels are added to any labels, such as CWE, that are specified by the Labels settings on the Veracode Integration Administration page.
Original Estimate The original estimate of the work required to resolve this issue. To map this field, you must have Time Tracking configured on the Jira screen.
Reporter If there is no mapping for this field, the plugin uses the reporter the on the Jira configuration page.
Time Spent This value is calculated based on the Time Tracking setting in Jira. You can set the default unit to Minute, Hour, Day, or Week, and the input long value is converted to the default unit. To map this field, you must have Log Work configured on the Jira configuration page.

You define Jira custom fields by various categories including type using the Jira Administration menu: Administration > Issues > Custom fields > Add custom field. If you want to map Jira custom fields to Veracode Platform fields, the only field definitions that are allowed on the Custom Field page are Select List (single choice), Text Field (single line), or Text Field (muti-line).

The Veracode Platform categories of default Jira fields are as follows:

Common Fields
Information pertaining to a particular Veracode application and also applicable to static analysis and SCA findings
Static Fields
Details for static analysis, dynamic analysis, and manual penetration test scan results
SCA Components
Security findings details for SCA component
SCA Vulnerabilities
Security findings details for SCA vulnerabilities

The Veracode Platform Jira fields also include the following custom fields:

  • Custom 1 – Custom 10

The following image shows the Veracode Platform Jira fields.