You configure your screen template in Jira to include two Veracode custom fields. When importing findings to Jira, the Veracode Integration for Jira automatically adds the custom fields to each Jira issue of imported findings and populates the values.
Before you begin:
Before a custom field can display on the Issues page in Jira, the specific value intended for that custom field must already exist in the Veracode Platform.
You configure these Veracode custom fields:
- Veracode Link: manages the association of the Jira issue with the application findings in the scan results on the Veracode Platform. After completing this procedure, this custom field provides links back to the specific application, policy, and findings in the Veracode Platform.
- Mitigation Status and Comments: describes the current mitigation status, with optional comments, for an imported finding.
To complete this task:
- In Jira, select Administration > Issues > Screens.
- Find the screen template that you use for importing Veracode security findings.
- Select Configure to display the Configure Screen page for the selected template.
- From the Field name dropdown menu, select Veracode Link and select Add.
- From the Field name dropdown menu, select Mitigation Status and Comments and select Add. The custom fields appear on the Configure Screen page.
To prevent your users from changing the Mitigation Status and Comments field, Veracode recommends that you make the field read-only.