Azure DevOps YAML properties for Flaw Importer

This table describes the YAML properties and their values for adding the Veracode Flaw Importer task to an Azure DevOps build pipeline.

Property	Type	Description
`ConnectionDetailsSelection` Required	String	One of these methods for connecting to Veracode: `Endpoint` to use an existing service connection that includes your API credentials. Include `AnalysisService` to specify a service connection name. `Credentials` to enter your Veracode API credentials. Include `apiId` to enter your API ID and `apiKey` to enter your API key.
`ConnectionDetailsSelection` Required	String	One of these methods for connecting to Veracode: `Endpoint` to use an existing service connection that includes your API credentials. Include `AnalysisService` to specify a service connection name. `Credentials` to enter your Veracode API credentials. Include `apiId` to enter your API ID and `apiKey` to enter your API key.
`veracodeAppProfile` Required	String	Name of the application profile. The name is case-sensitive.
`AnalysisService`	String	If you set `ConnectionDetailsSelection` to `Endpoint`, the name of the service connection for accessing Veracode. If a service connection does not exist, you can create a new service connection.
`apiId`	String	If you set `ConnectionDetailsSelection` to `Credentials`, your Veracode API ID.
`apiKey`	String	If you set `ConnectionDetailsSelection` to `Credentials`, your Veracode API key.
`proxySettings`	String	If using a proxy to access Veracode, your proxy settings. For example: `-phost abc.com -pport 5252 -puser proxyuser -ppassword proxypassword` NOTE: Do not enclose any of the values in single or double quotations.
`sandboxName`	String	For development sandbox scans, the name of the sandbox in which to run the scan. If the sandbox does not exist, include `createSandBox` to create it with the specified name.
`scanType`	String	Scan types from which to import flaws or vulnerabilities. One of these values: `Dynamic, Static` `SCA` , `Static, SCA`, `Dynamic, Static, SCA`
`importType`	String	One of these flaw types to import: `All Flaws`: includes mitigated and remediated flaws and vulnerabilities from all scans. During the import process, the extension changes the state of the work items for all mitigated and remediated flaws to resolved or closed. After you fix or remediate the flaw, during the next scan, its status changes to fixed or mitigated in the Detailed Report. During the next import, the related work items change to closed. This option imports all flaws without any restrictions. `All Unmitigated Flaws`: includes flaws and vulnerabilities from all scans. `All Flaws Violating Policy`: includes all open flaws and vulnerabilities from all scans that affect policy. `All Unmitigated Flaws Violating Policy`: includes open flaws and vulnerabilities from all scans that affect policy. The default. When generating new work items for imported flaws, the extension also imports mitigation and annotation comments. If you add comments to a previously imported flaws with work items, the extension does not import the new comments to work items during subsequent imports.
`workItemType`	String	One of these work item types to apply to all imported flaws:`Bug`, `Issue`, `Task`, `Epic`, `Feature`, `Test Case` NOTE: The Scrum process template does not support the Issue work item type. Also, the Veracode Flaw Importer task can only import flaws to customized work item types that do not contain required fields. If your customized work item types contain required fields, you must select different work item types that do not contain required fields, or the flaws fail to import.
`area`	String	Path to the area where you want to group the work items. You can enter up to five levels in the path. To enter the area paths, use the format `<project_name>\<area_1>\<area_2>`. For `<project_name>`, enter the name of the project in the Build Pipeline or Release Pipeline task for which you want to import flaws.
`overwriteAreaPathInWorkItemsOnImport`	Boolean	Set to `true` to replace the area path in new and existing work items with the value specified for `area`. If set to `false` existing work items retain their current area path.
`addCustomTag`	String	Add a tag with a custom string to all work items for all imported flaws.
`addCweAsATag`	Boolean	Add a tag with the CWE ID for the discovered flaw to the corresponding work item. Set to `true` to add the tag. Set to `false` to not add the tag. Defaults to `true` and you only see this property in the YAML file if the value is `false`.
`addCveAsATag`	Boolean	For SCA scans, add a tag with the CVE ID for the finding to the work item. Set to `true` to add the tag. Set to `false` to not add the tag. Defaults to `true` and you only see this property in the YAML file if the value is `false`.
`addScanTypeTag`	Boolean	Add a tag with the scan type, such as Static or Dynamic, that found the finding to the work item. Set to `true` to add the tag. Set to `false` to not add the tag. Defaults to `true` and you only see this property in the YAML file if the value is `false`.
`addSeverityTag`	Boolean	Add a tag with the finding severity to the work item. Set to `true` to add the tag. Set to `false` to not add the tag. Defaults to `true` and you only see this property in the YAML file if the value is `false`.
`addDueDateTag`	Boolean	Add a tag to the work item with the due date for your team to fix the finding. Set to `true` to add the tag. Set to `false` to not add the tag. Defaults to `true` and you only see this property in the YAML file if the value is `false`.
`foundInBuild`	Boolean	Add a tag with the build number of the build in which Veracode discovered the flaw to the corresponding work item. Set to `true` to add the tag. Set to `false` to not add the tag. Defaults to `true` and you only see this property in the YAML file if the value is `false`.
`addScanNameAsATag`	Boolean	Add a tag to each work item showing the name of the Veracode scan that found the imported flaw. Set to `true` to add the tag. Set to `false` to not add the tag. Defaults to `true` and you only see this property in the YAML file if the value is `false`.
`flawImportLimit`	Integer	Maximum number of flaws to import at the same time. Default is `1000`.
`customFields`	String	Add custom fields from process templates to generated work items of imported flaws. Enter key-value pairs to specify each field name and value. Add each key-value pair, separated with a colon, on a new line. For example: `field.name:value` NOTE: Ensure these field names match the field names you define in Azure and that all values are valid for a given field type. If there are any mismatch or validation errors, you can only see these errors in the console after importing flaws.