Manage your vulnerability fixes in the same place as all other tasks.
Your ticketing system is where you store your upcoming tasks and rank your to-dos by importance. Veracode strongly believes that severe security vulnerabilities should be at the top of your list. Therefore, you can use DAST Essentials to automatically create tickets when vulnerabilities are detected. This section assumes you have a CI/CD integration that automatically starts the scans and receives the reports. If you need help with that, see CI/CD integrations or the CircleCI example. In addition, this section explains how this connection could work through your vulnerability management system, such as DefectDojo.
Jira is an issue and project tracking system sold by Atlassian.
The platform allows development teams to capture and prioritize the tickets they need to work on. As a best practice, development teams should create tickets for known vulnerabilities in their application, so the remediation is planned and tracked. In addition, Jira offers an API to script the interaction with other software. Via this API, you can script the creation of issues individually or in bulk.
Because Jira setup (issue names, team rules, etc.) is slightly different for each customer, an example for you to copy/paste is not available. For help with this integration, contact Veracode Technical Support.
Using Jira together with DefectDojo is a neat way to integrate the two tools. The DefectDojo API allows you to set up two-way communication.
So in an ideal scenario, once you create an issue in DefectDojo, a new ticket is automatically created in Jira, including the critical information on how to remediate it and where it was found.
In the other direction, once the vulnerability is fixed and the corresponding Jira ticket is closed, the related finding in DefectDojo is closed as well. Neat, right?
Asana is a project management solution that helps teams organize and prioritize work.
Similar to Jira, Asana offers an API to script the interaction with their software. Creating a new task is as easy as POSTing to the /tasks endpoint with a data block containing the fields you'd like to set on the task. Any unspecified fields will take on default values.
Because Asana setup (task names, team rules, etc.) is slightly different for each customer, an example for you to copy/paste is not available. If you have questions, contact Veracode Technical Support.
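As an illustration of the POST to /tasks described above, the following added sketch (not Veracode's or Asana's code) turns scan findings into Asana task requests, skipping low-severity and already-ticketed findings. The finding field names, the severity scale, the project GID and the token are assumptions; map them to your own report format and Asana setup.

```python
import hashlib
import json
import urllib.request

ASANA_TASKS_URL = "https://app.asana.com/api/1.0/tasks"
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample findings; the field names are assumptions, not the
# DAST Essentials report schema. Map them from your own report format.
SAMPLE_FINDINGS = [
    {"title": "Reflected XSS", "severity": "high",
     "url": "https://app.example.test/search", "remediation": "Encode output."},
    {"title": "Missing HSTS header", "severity": "low",
     "url": "https://app.example.test/", "remediation": "Send Strict-Transport-Security."},
    {"title": "Reflected XSS", "severity": "high",
     "url": "https://app.example.test/search", "remediation": "Encode output."},
]

def finding_key(finding):
    """Stable ID so a finding seen again in a later scan is not ticketed twice."""
    raw = f"{finding['title']}|{finding['url']}".encode()
    return hashlib.sha256(raw).hexdigest()[:12]

def build_task_requests(findings, project_gid, token, min_severity="high", seen=None):
    """Return unsent POST /tasks requests for new findings at or above min_severity."""
    seen = set() if seen is None else seen
    requests = []
    for f in findings:
        key = finding_key(f)
        if SEVERITY_RANK[f["severity"]] < SEVERITY_RANK[min_severity] or key in seen:
            continue
        seen.add(key)
        # Asana expects the task fields wrapped in a top-level "data" block.
        body = {"data": {
            "name": f"[{f['severity'].upper()}] {f['title']} ({key})",
            "notes": f"Found at: {f['url']}\nRemediation: {f['remediation']}",
            "projects": [project_gid],
        }}
        requests.append(urllib.request.Request(
            ASANA_TASKS_URL, data=json.dumps(body).encode(), method="POST",
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/json"}))
    return requests

if __name__ == "__main__":
    # Placeholder project GID and token; read the real token from a CI secret.
    for req in build_task_requests(SAMPLE_FINDINGS, "PROJECT_GID", "ASANA_TOKEN"):
        print(req.get_method(), req.full_url, req.data.decode())
        # urllib.request.urlopen(req) would send the request.
```

Persist the `seen` set (or the keys embedded in existing task names) between pipeline runs so that a finding reported by every scan produces only one task.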