Mapping Custom Fields in Jira

Ticketing Systems

The Veracode Integration for Jira can map custom fields in the application profile in the Veracode Platform to standard or custom fields in a Jira ticket.

To improve the import of Veracode findings into your Jira bug tickets, you can map the standard or custom Jira fields to Veracode-supplied fields in the Veracode Platform. Mapping configuration changes do not affect the synchronization processing of any ongoing findings.
Note: Custom field mappings (Custom 1 to Custom 10) do not support SCA findings.

When you map Veracode-supplied fields to Jira fields, the process overrides any default values in the Jira issue. If the values in the Veracode fields are invalid, the default Jira value or an empty value takes its place and the finding import process continues, uninterrupted.

The following table lists the standard Jira fields you can map to the Veracode custom fields.

Standard Jira Field Notes
Affected Versions  
Assignee If you create a mapping for Assignee, but do not provide a value in the appropriate Veracode custom field, the plugin uses the project assignee defined on the Jira configuration page.
Component/s The plugin validates this value against component values defined on the Jira configuration page. Use the following format:

<compName1>:<compDesc1>:<compLeadName1>:<defaultAssigneeID>

For example, comp1:my_component:Mary:0

If you omit a part, enter a space after the colon. For example, comp1: : : . For the default assignee, which is 0 in the first example above, you enter one of these numeric values:
  • 0 (or empty)—Project Default
  • 1—Component Lead
  • 2—Project Lead
  • 3—Unassigned
The numeric values correspond to the actual default assignee options, such as Project Default or Component Lead, in Jira. See the Jira product documentation.
Description A value appended to the description value from the detailed report.

The Description (overwrite) option replaces the Description field in Jira with the value from the selected Veracode Platform field. If the selected Veracode Platform field is empty, the mapping erases the contents of the Description field in Jira.

Environment  
Fix Version  
Issue Type If there is no mapping for this field, the plugin uses the issue type set on the Jira configuration page.
Labels Separate the labels with commas. The plugin removes any spaces between labels and concatenates any strings. The plugin adds the labels to any labels, such as CWE, that are specified with the Labels settings on the Veracode Integration Custom fields page.
Original Estimate The original estimate of the work required to resolve this issue. To map this field, you must have Time Tracking configured on the screen.
Reporter If there is no mapping for this field, the plugin uses the reporter the on the Jira configuration page.
Time Spent This value is calculated based on the Time Tracking setting in Jira. You can set the default unit to Minute, Hour, Day, or Week, and the input long value is converted to the default unit. To map this field, you must have Log Work configured on the Jira configuration page.

You select from various categories of issue criteria, such as field type, to create custom fields on the Jira Administration page: Administration > Issues > Custom fields > Add custom field. If you want to map Jira custom fields to Veracode Platform fields, the only field definitions that are allowed on the Custom Field page are Select List (single choice), Text Field (single line), or Text Field (multi-line).

The Veracode Platform categories of default Jira fields are as follows:

Common Fields
Information pertaining to a specific Veracode application and also applicable to static analysis and SCA findings
Static Fields
Details for static analysis, dynamic analysis, and manual penetration test scan results
SCA Components
Security findings details for SCA components
SCA Vulnerabilities
Security findings details for SCA vulnerabilities
The Veracode Platform Jira fields also include the following custom fields:
  • Custom 1 – Custom 10

The following image shows the Veracode Platform Jira fields.