Integrate agents with ticketing systems
You can create Jira and GitHub issues in the Veracode Platform for vulnerabilities discovered by SCA Agent-based Scan.
Atlassian Jira
Create issues for vulnerabilities
Setting up the integration for Jira Cloud allows your organization to create Jira issues from within the Veracode Platform.
If you also use Veracode Static Analysis, we recommend using the Veracode Integration for Jira Cloud, which offers additional features and greater customization. To integrate your agent-based scan findings with Veracode Integration for Jira Cloud, you must link your project to an application profile in the Veracode Platform.
Before you begin:
To set up this integration, you must have the Security Lead role in the Veracode Platform and be an administrator of your Jira instance.
This integration works with both Jira Cloud and Jira Server. Your Jira Server instances must be accessible from the internet.
To complete this task:
- In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
- Select Agent-Based Scan.
- Select Agent-Based Scan Settings > Integrations > Actions > Create Jira Cloud Integration.
- Enter a name and server URL for your integration and select Next.
- To leave the Veracode Platform and go to your Jira instance, select the application link.
- In the Jira application link settings, for URL, enter https://sca.analysiscenter.veracode.com.
- Select Create New Link.
- If you see a warning saying no response was received from the URL you entered, select Continue.
- For Application Name, enter SourceClear.
- From the Application Type dropdown menu, select Generic Application.
- Select Continue.
- Select the pencil icon to the right of the newly created application.
- Select Incoming authentication and copy the values you see on step 3 into this screen.
- Select Save.
- Copy the following values:
  - Consumer Key
  - Consumer Name
  - Public Key
  - Callback URL
- Select Save.
- In the Veracode Platform, select Next.
Results:
When you see the Step 3 window, select the link. To authorize the OAuth application, select Allow. You can now create your first ticket template.
Create a ticket template
A ticket template allows you to easily create multiple Jira issues with the same format.
Select an integration from the integration setting page, configure the fields in the Create Ticket Template window, and save.
Create issues
When creating an issue, select Jira Cloud and information pre-populates based on the chosen template.
A success message provides a link to your Jira ticket upon creation.
Atlassian Jira Legacy
You can configure as many Jira projects as you need. Enter your Jira details in your Manage Workspace > Issue Tracking page.
Create issues from project reports
Select the checkbox next to each issue in the Issues table to create issues.
Work with multiple projects
If you have multiple Jira projects set up, select the project in which to open the issue from the Jira Project dropdown menu.
Fix issues quickly
You can edit the Jira issue before creating it. The issue automatically includes a link to the vulnerability and details on how to upgrade.
GitHub
The SCA agents support cloud-hosted (GitHub.com) and self-hosted (GitHub Enterprise) versions of GitHub issues.
Before you begin:
You must have the Security Lead role.
To complete this task:
- In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
- Select Agent-Based Scan.
- Select Agent-Based Scan Settings > Integrations > Actions > Create GitHub Integration.
- Choose the workspace where you want to set up the integration.
- Select Activate GitHub integration.
Create issues from vulnerabilities
In the Veracode Platform, select the checkbox next to each issue in the Issues List table. To create issues, select Actions > Create Issue.
If you select more than one issue, the Create Issue button is unavailable. You can only create one issue for each ticket.
Fix issues with GitHub Issues
You can edit the GitHub issue before creating it. The issue automatically includes a link to the vulnerability and details on how to upgrade.