You can use custom process templates to automate the import of flaws from Veracode Static Analysis in your Software Development Life Cycle.
If you are using customized process templates, configure these predefined
variables on the Variables tab in your build or release
Note: The names of these predefined variables must match the variable names in your customized process templates.
- Enter true to enable.
- Enter one of these work item types:
- Test Case
- Enter the state for in progress or active work.
- Enter the state for new or proposed work.
- Enter the state for resolved work.
- Enter the state for work in design or test.
- Enter the state for completed work.
You configure these variables for the work item type (WIT) of which you are creating work items in your build or release configuration. The variables ensure that flaws import correctly if the status of a work item changes. See the Azure DevOps documentation for information on the work item states.For example, on the States tab, you might have a Bug work item with these state changes:
In your build or release configuration, on the Variables tab, you configure these pipeline variables in the customized process template for the Bug work item:
- For Proposed: Introducing
- For In Progress: Working
- For Resolved: Fixed
- For Completed: Closed
- enableCustomProcessTemplate: enter true
- customWorkItemType: enter Bug
- customPTActiveStatus: enter Working
- customPTNewStatus: enter Introducing
- customPTResolvedStatus: enter Fixed
- customPTCloseStatus: enter Closed
Optionally, to add debugging to your pipeline, add a new variable
and enter these values in the New variable window:
- Name: system.debug
- Value: true
- Click Save & queue to save your configurations and add the build to your queue.
You can use a variable to prevent a password from appearing in a console log. See Hide a Proxy Password in Azure DevOps or TFS.