Bug Tracking Services
The following Bug Tracking Services are supported via Feedback App feature:
Jira
In the Select Feedback App screen select Jira as the Bug Tracking Service.
 |
Jira Authentication
Checkmarx One supports both Jira cloud and Jira on-prem integrations.
Notice
For Jira on-prem integration It is possible to add the Checkmarx One external IP addresses to the customer FW whitelist - For more information see Checkmarx One External IP's List
Jira authentication is performed according to the following table:
Jira Version | Authentication Method |
|---|---|
Jira cloud | Email + Token |
Jira Core 8.14 and later (on-prem) | Email + Token |
Jira Software 8.14 and later (on-prem) | Email + Token |
Jira Service Management 4.15 and later (on-prem) | Email + Token |
Jira on-prem lower than the above versions | Username + Password |
Jira Limitations
The below table presents Jira limitations.
Limitation | Notes |
|---|---|
Need to add project id and not name | Update planned |
Can’t add a label-prefix | Update planned |
Can’t change JIRA title in JIRA | |
Can’t add mandatory fields to the wizard | Planned to implemented with dynamic Jira manifest |
Can’t customize summary format | Not planned |
General Settings
Jira General Setting screen contains basic details for the new Feedback App.
The screen includes the following fields:
Note
Mandatory fields are marked with 
.
Field | Description | Optional Values | Notes |
|---|---|---|---|
Feedback App Name | Free text | ||
Description (Optional) | Feedback App description | Free text | |
Tags (Optional) | Assign tags to a Feedback App | Free text | Tags are very useful for filtering purposes |
Click Next to go to Vulnerabilities Filters screen.
Click Back to return to Select Feedback App screen.
 |
Vulnerabilities Filters
Jira Vulnerabilities Filters screen refers to Checkmarx One filtered scan vulnerabilities results.
In this screen users configure the filters for the Checkmarx One scan vulnerabilities results. The results will be sent to the the configured Jira board.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
|---|---|---|---|
Severity | The severity level of a vulnerability that triggers the Feedback App. |
|
|
State (Optional) | To decrease the number of issues created in Azure Boards, specify also the state of a vulnerability that triggers the Feedback App. In conjunction with the severity, this makes the setting more precise. |
|
|
 |
Click Next to go to App Credentials screen.
Click Back to return to General Settings screen.
App Credentials
App Credentials screen contains all the Jira board connection details.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
|---|---|---|---|
URL | Jira main URL For example: https://checkmarx.atlassian.net/ | Free text | |
Email / Username | Jira Email / Username | Free text |
|
Token / Password | Jira Token / Password | Free text |
|
 |
Click Test Connection
Note
Once the connection is successful, a "Project" field will be added.
All the Jira board projects will be automatically fetched and presented in the drop-down list.
Click Next to go to App Credentials screen.
Click Back to return to Vulnerabilities Filters screen.
App Configuration
App Configuration screen contains all the Jira board details. In this screen users configure the filters for the the Bug Tracking Service - in this case Jira.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
|---|---|---|---|
Issue-type | The type of an issue that will be created in Jira Board when a Checkmarx scan detects a vulnerability with the severity and, optionally, state that you specified in the Vulnerabilities Filters section. | Dynamic list | All the Jira issue types are automatically fetched and presented in the drop-down list. |
Open-status | The status automatically assigned to an issue that the Feedback App creates in Jira Board. | Dynamic list |
|
Close-status | The status automatically assigned when an issue that the Feedback App created in Azure Boards is closed. | Dynamic list |
|
Labels (Optional) | Configure which Jira labels will be assigned to the opened Jira tickets | Free text | |
Open-transition | If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened with this status. | Free text |
WarningAny mistake in the Open-transition status characters will cause an error |
Close-transition | If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened. When the issue is resolved, the reopened ticket will be closed with this status. | Free text |
WarningAny mistake in the Close-transition status characters will cause an error |
Due-date (Optional) | What is the due date for the Jira tickets that will be opened. |
|
Click Next to go to Priorities Mapping screen.
Click Back to go to App Credentials screen.
Priorities Mapping
Jira Priorities Mapping is used for mapping Checkmarx One vulnerability severity to the corresponding Azure priority.
Field | Description | Optional Values | Notes |
|---|---|---|---|
Jira Priorities | Select a suitable Azure Boards priority for each vulnerability severity. To appear in this screen, the severity needs to be selected in the Vulnerabilities Filter section. | Free text |
 |
Click Create App
Click Back to return to App Credentials screen.
Azure
In the Select Feedback App screen select Azure as the Bug Tracking Service.
 |
General Settings
General Setting screen contains basic details for the new Feedback App.
The screen includes the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
|---|---|---|---|
Feedback App Name | Free Text | ||
Description (Optional) | Feedback App description | Free Text | |
Tags (Optional) | Assign tags to a Feedback App | Free Text | Tags are very useful for filtering purposes |
 |
Click Next to go to Vulnerabilities Filters screen.
Click Back to return to Select Feedback App screen.
Azure Vulnerabilities Filters
Azure Vulnerabilities Filters screen refers to Checkmarx One filtered scan vulnerabilities results.
In this screen users configure the filters for the Checkmarx One scan vulnerabilities results. The results will be sent to the the configured Azure board.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
|---|---|---|---|
Severity | The severity level of a vulnerability that triggers the Feedback App. |
|
|
State (Optional) | To decrease the number of issues created in Azure Boards, specify also the state of a vulnerability that triggers the Feedback App. In conjunction with the severity, this makes the setting more precise. |
|
|
 |
Click Next to go to App Credentials screen.
Click Back to return to General Settings screen.
App Credentials
Azure Credentials screen contains all the Azure board connection details.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
|---|---|---|---|
URL | Azure URL must contain the organization For example: https://dev.azure.com/<organization>/ https://<organization>/visualstudio.com/ | Free text | |
Token | Provide a Personal Access Token (PAT) for authenticating into Azure DevOps. For Microsoft instructions on creating a PAT, refer to this link. | Free text |
 |
Click Test Connection
Note
Once the connection is successful, a Project field will be added.
All the Azure board projects will be automatically fetched and presented in the drop-down list.
 |
Click Next to go to App Configuration screen.
Click Back to go to Vulnerabilities Filters screen.
App Configuration
Azure Configuration screen contains all the Jira board details. In this screen users configure the filters for the the Bug Tracking Service - in this case Azure.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
|---|---|---|---|
Issue-type | The type of an issue that will be created in Azure Boards when a Checkmarx scan detects a vulnerability with the severity and, optionally, state that you specified in the Vulnerabilities Filters section. | Dynamic list | All the Jira issue types are automatically fetched and presented in the drop-down list. |
Open-status | The status automatically assigned to an issue that the Feedback App creates in Azure Board. | Dynamic list |
|
Close-status | The status automatically assigned when an issue that the Feedback App created in Azure Boards is closed. | Dynamic list |
|
Tags (Optional) | The tag(s) automatically assigned to an issue that the Feedback App creates in Azure Boards. | Free text | |
Open-transition | If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened with this status. | Free text |
WarningAny mistake in the Close-transition status characters will cause an error |
Close-transition | If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened. When the issue is resolved, the reopened ticket will be closed with this status. | Free text |
WarningAny mistake in the Close-transition status characters will cause an error |
 |
Click Next to go to Priorities Mapping screen.
Click Back to go to App Credentials screen.
Priorities Mapping
Azure Priorities Mapping is used for mapping Checkmarx One vulnerability severity to the corresponding Azure priority.
Note
Azure priorities are configured using 1-4 numbers.
Field | Description | Optional Values | Notes |
|---|---|---|---|
Azure Priorities | Select a suitable Azure Boards priority for each vulnerability severity. To appear in this screen, the severity needs to be selected in the Vulnerabilities Filter section. | Free text | The values are 1-4 |
 |
Click Create App
Click Back to go to App Configuration screen.
GitHub Issues
Preconditions
GitHub Issues is a lightweight issue-tracking system that is available in all GitHub repositories.
When you create a GitHub repo, you get GitHub Issues enabled out of the box.
If GitHub Issues is not enabled for the relevant repo, use the below link as a reference to enable it:
In the Select Feedback App screen select GitHub Issues as the Bug Tracking Service.
 |
General Settings
GitHub Issues General Setting screen contains basic details for the new Feedback App.
The screen includes the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
|---|---|---|---|
Feedback App Name | Free text | ||
Description (Optional) | Feedback App description | Free text | |
Tags (Optional) | Assign tags to a Feedback App | Free text | Tags are very useful for filtering purposes |
Click Next to go to Vulnerabilities Filters screen.
Click Back to return to Select Feedback App screen.
 |
Vulnerabilities Filters
GitHub Issues Vulnerabilities Filters screen refers to Checkmarx One filtered scan vulnerabilities results.
In this screen users configure the filters for the Checkmarx One scan vulnerabilities results. The results will be sent to the the configured GitHub Issues board.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
|---|---|---|---|
Severity | The severity level of a vulnerability that triggers the Feedback App. |
|
|
State (Optional) | To decrease the number of issues created in Azure Boards, specify also the state of a vulnerability that triggers the Feedback App. In conjunction with the severity, this makes the setting more precise. |
|
|
 |
Click Create App
Click Back to return to General Settings screen.