Use Custom Process Templates to Import Flaws into Azure DevOps

Build and Release Management

You can use custom process templates to automate the import of flaws from Veracode Static Analysis in your Software Development Life Cycle.

  1. If you are using customized process templates, configure these predefined variables on the Variables tab in your build or release configuration:
    Note: The names of these predefined variables must match the variable names in your customized process templates.
    enableCustomProcessTemplate
    Enter true to enable.
    customWorkItemType
    Enter one of these work item types:
    • Bug
    • Epic
    • Feature
    • Issue
    • Task
    • Test Case
    customPTActiveStatus
    Enter the state for in progress or active work.
    customPTNewStatus
    Enter the state for new or proposed work.
    customPTResolvedStatus
    Enter the state for resolved work.
    customPTDesignStatus
    Enter the state for work in design or test.
    customPTCloseStatus
    Enter the state for completed work.

    You configure these variables for the work item type (WIT) of which you are creating work items in your build or release configuration. The variables ensure that flaws import correctly if the status of a work item changes. See the Azure DevOps documentation for information on the work item states.

    For example, on the States tab, you might have a Bug work item with these state changes:
    • For Proposed: Introducing
    • For In Progress: Working
    • For Resolved: Fixed
    • For Completed: Closed
    In your build or release configuration, on the Variables tab, you configure these pipeline variables in the customized process template for the Bug work item:
    • enableCustomProcessTemplate: enter true
    • customWorkItemType: enter Bug
    • customPTActiveStatus: enter Working
    • customPTNewStatus: enter Introducing
    • customPTResolvedStatus: enter Fixed
    • customPTCloseStatus: enter Closed
  2. Optionally, to add debugging to your pipeline, add a new variable and enter these values in the New variable window:
    • Name: system.debug
    • Value: true
  3. Click Save & queue to save your configurations and add the build to your queue.
After the flaw import task has completed successfully, the work items related to flaws in a given application appear in Azure DevOps or TFS. In Azure DevOps, you can search on the Work or Queries pages, for example, to find the work items you created.

You can use a variable to prevent a password from appearing in a console log. See Hide a Proxy Password in Azure DevOps or TFS.