Map Veracode Fields to Bugzilla Fields

Ticketing Systems

You can customize Bugzilla import business logic with information from your local Bugzilla implementation.

Overview

The veracode_bugzilla.xslt file contains business logic to map custom fields in the Veracode Platform to Bugzilla fields. The file contains three parameters at the top that you must customize with information from your local Bugzilla implementation: urlbase, maintainer, and exporter. The XSLT file suppresses importing fixed findings, but populates new, open, and reopened findings. If you use the XSLT file on multiple builds of the same application, you can also suppress open findings.

Steps

  1. Open veracode_bugzilla.xslt in a text editor or XML editor.

  2. Find the line that begins <xsl:param name="urlbase" and change the value in quotation marks to the urlbase of your Bugzilla instance. Ensure the value matches the urlbase that appears on the Administration > Settings page in Bugzilla.

  3. Find the line that begins <xsl:param name="maintainer" and change the value in quotation marks to the email address of the person responsible for maintaining the Bugzilla account.

  4. Find the line that begins <xsl:param name="exporter" and change the value in quotation marks to the email address of a valid Bugzilla user in your local implementation. Ensure the value matches the user that appears on the Administration > Settings page in Bugzilla.

  5. If you have changed the default values for the Severity and Priority fields, search the XSLT file for @severity and update any references to that field with your values. Veracode assigns these values based on the severity of the finding.

  6. To suppress open findings, you can edit the two <xsl:choose> sections in the file.