
Bug Tracking Services

The following Bug Tracking Services are supported via the Feedback App feature:

Jira

Note

The lowest Jira permission level needed to create Jira issues (Bug, Task, Story, etc.) is the Browse projects and Create issues project permissions.

For additional information see Create Issues and Manage project permissions
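One way to confirm, before entering credentials in the Feedback App, that the Jira account holds the two permissions named above and none of a short list of powerful ones. This is an added example, not Checkmarx or Atlassian code; it relies on Jira's `mypermissions` REST resource, and the `HIGH_RISK` set, the function names and the sample response are assumptions made for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request

# The two project permissions the page names as the minimum for creating issues.
REQUIRED = {"BROWSE_PROJECTS", "CREATE_ISSUES"}
# Assumption: an illustrative set of powerful permissions the account should not hold.
HIGH_RISK = {"ADMINISTER", "ADMINISTER_PROJECTS", "DELETE_ISSUES"}


def auth_header(secret, username=None):
    """Basic auth for username + token/password; Bearer for a token on its own."""
    if username is None:
        return "Bearer " + secret
    pair = f"{username}:{secret}".encode()
    return "Basic " + base64.b64encode(pair).decode()


def fetch_permissions(base_url, project_key, authorization):
    """Query Jira's mypermissions resource for one project (needs network access)."""
    query = urllib.parse.urlencode({
        "projectKey": project_key,
        "permissions": ",".join(sorted(REQUIRED | HIGH_RISK)),
    })
    req = urllib.request.Request(
        base_url.rstrip("/") + "/rest/api/2/mypermissions?" + query,
        headers={"Authorization": authorization, "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit(mypermissions):
    """Report required permissions that are missing and high-risk ones granted."""
    granted = {key for key, entry in mypermissions.get("permissions", {}).items()
               if entry.get("havePermission")}
    return {"missing": sorted(REQUIRED - granted),
            "high_risk": sorted(HIGH_RISK & granted)}


# Constructed sample response, not captured from a real Jira instance.
SAMPLE = {"permissions": {
    "BROWSE_PROJECTS": {"havePermission": True},
    "CREATE_ISSUES": {"havePermission": True},
    "ADMINISTER_PROJECTS": {"havePermission": True},
    "DELETE_ISSUES": {"havePermission": False}}}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty `missing` list means the account can create issues; any entry under `high_risk` is a reason to use a narrower, dedicated integration account.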

In the Select Feedback App screen select Jira as the Bug Tracking Service.

Select_Jira.png

Jira Authentication

Checkmarx One supports both Jira cloud and Jira on-prem integrations.

Notice

For Jira on-prem integration, it is possible to add the Checkmarx One external IP addresses to the customer firewall whitelist. For more information see Checkmarx One External IP's List

Jira authentication is performed according to the following table:

Jira Version | Authentication Method
Jira cloud | Username + API Token
Jira Core 8.14 and later (on-prem) | Username + Token
Jira Software 8.14 and later (on-prem) | Personal Access Token
Jira Service Management 4.15 and later (on-prem) | Username + Token
Jira on-prem lower than the above versions | Username + Password

Jira Limitations

The below table presents Jira limitations.

Limitation | Notes
Need to add project id and not name | Update planned
Can’t add a label-prefix | Update planned
Can’t change JIRA title in JIRA |
Can’t add mandatory fields to the wizard | Planned to be implemented with dynamic Jira manifest
Can’t customize summary format | Not planned

General Settings

Jira General Setting screen contains basic details for the new Feedback App.

The screen includes the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Feedback App Name

Free text

Description (Optional)

Feedback App description

Free text

Tags (Optional)

Assign tags to a Feedback App

Free text

Tags are very useful for filtering purposes

Click Next to go to Vulnerabilities Filters screen.

Click Back to return to Select Feedback App screen.

Jira_General_Settings.png

Vulnerabilities Filters

Jira Vulnerabilities Filters screen refers to Checkmarx One filtered scan vulnerabilities results.

In this screen users configure the filters for the Checkmarx One scan vulnerabilities results. The results will be sent to the configured Jira board.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Severity

The severity level of a vulnerability that triggers the Feedback App.

  • High

  • Medium

  • Low

  • Info

  • It is possible to select several severities

  • Default values - High, Medium

State (Optional)

To decrease the number of issues created in Jira, also specify the state of a vulnerability that triggers the Feedback App.

In conjunction with the severity, this makes the setting more precise.

  • To Verify

  • Confirmed

  • Urgent

  • Proposed Not Exploitable

  • Not Exploitable

  • It is possible to select several states

  • Default values - Confirmed, Urgent, Proposed Not Exploitable, To Verify

Jira_Vulnerabilities_Filters.png

Click Next to go to App Credentials screen.

Click Back to return to General Settings screen.

App Credentials

App Credentials screen contains all the Jira board connection details.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

API Token / Personal Access Token

Jira authentication method

See Jira Authentication

URL

Jira main URL

For example: https://checkmarx.atlassian.net/

Free text

Email / Username

Jira Email / Username

Free text

  • Jira cloud based: Email

  • Jira on-prem: Username

Jira Authentication

Token / Password

Jira Token / Password

Free text

  • Jira cloud based: Token

  • Jira on-prem: Password

Jira Authentication

Perform the following:

  1. Select the authentication method.

    For additional information see Jira Authentication

  2. Fill in the URL, Username & Token fields.

  3. Click Test Connection

    App_Credentials.png

Note

  • Once the connection is successful, a "Project" field will be added.

  • All the Jira board projects will be automatically fetched and presented in the drop-down list.

    App_Credentials_Project_Field.png

Click Next to go to App Configuration screen.

Click Back to return to Vulnerabilities Filters screen.

App Configuration

App Configuration screen contains all the Jira board details. In this screen users configure the filters for the Bug Tracking Service - in this case Jira.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Issue-type

The type of an issue that will be created in Jira Board when a Checkmarx scan detects a vulnerability with the severity and, optionally, state that you specified in the Vulnerabilities Filters section.

Dynamic list

All the Jira issue types are automatically fetched and presented in the drop-down list.

Open-status

The status automatically assigned to an issue that the Feedback App creates in Jira Board.

Dynamic list

  • All the Jira Open statuses are automatically fetched and presented in the drop-down list.

  • It is possible to configure several statuses.

Close-status

The status automatically assigned when an issue that the Feedback App created in Jira Boards is closed.

Dynamic list

  • All the Jira Close statuses are automatically fetched and presented in the drop-down list.

  • It is possible to configure several statuses.

Labels (Optional)

Configure which Jira labels will be assigned to the opened Jira tickets

Free text

Open-transition

If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened with this status.

Free text

  • Only 1 status can be configured.

  • Must be exactly as it exists in Jira.

Warning

Any mistake in the Open-transition status characters will cause an error

Close-transition

If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened.

When the issue is resolved, the reopened ticket will be closed with this status.

Free text

  • Only 1 status can be configured.

  • Must be exactly as it exists in Jira.

Warning

Any mistake in the Close-transition status characters will cause an error

Due-date (Optional)

The due date for the Jira tickets that will be opened.

  • 1 week

  • 2 weeks

  • 1 month

  • 2 months

  • 3 months

Once the user selects an issue type that has at least one supported additional field, Set additional issue fields checkbox appears.

Additional issue fields provide the option to set the relevant values for Jira custom fields, of which some/all may be required for opening Jira tickets.

For more information about Jira custom fields, see Jira Free Form

For example:

Set_additional_issue_fields.png

Click Next to go to Priorities Mapping screen

Click Back to go to App Credentials screen.

Priorities Mapping

Jira Priorities Mapping is used for mapping Checkmarx One vulnerability severity to the corresponding Jira priority.

Field

Description

Optional Values

Notes

Jira Priorities

Select a suitable Jira priority for each vulnerability severity.

To appear in this screen, the severity needs to be selected in the Vulnerabilities Filter section.

Free text


Click Create App

Click Back to return to App Configuration screen.

Jira Free Form

The Jira free form feature enhances the support for opening Jira tickets.

It does so by letting the user set the relevant values for Jira custom fields, of which some/all may be required for opening Jira tickets.

The feature also improves the user experience by allowing additional field types to be configured, mandatory or not.

These field types appear in Jira project settings on the right side, and they are defined per issue type (Bug, Task, Story, etc.)

Jira_Custom_Fields.png

Checkmarx One supports the following out-of-the-box Jira custom fields:

  • Short text

  • Paragraph

  • Date

  • Number

  • Time stamp

  • Labels

  • Dropdown

  • Checkbox

Limitations

  • Only a Jira user with the Create issues project permission will be able to see the custom fields.

    For additional information about Jira permissions see Create issues in Jira and Jira operation permissions

  • Predefined fields that are created using Jira plugins are not supported. As a result, some required Jira fields might not appear in the additional issue fields options.

Azure

In the Select Feedback App screen select Azure as the Bug Tracking Service.

Select_Azure.png

General Settings

General Setting screen contains basic details for the new Feedback App.

The screen includes the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Feedback App Name

Free Text

Description (Optional)

Feedback App description

Free Text

Tags (Optional)

Assign tags to a Feedback App

Free Text

Tags are very useful for filtering purposes


Click Next to go to Vulnerabilities Filters screen.

Click Back to return to Select Feedback App screen.

Azure Vulnerabilities Filters

Azure Vulnerabilities Filters screen refers to Checkmarx One filtered scan vulnerabilities results.

In this screen users configure the filters for the Checkmarx One scan vulnerabilities results. The results will be sent to the configured Azure board.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Severity

The severity level of a vulnerability that triggers the Feedback App.

  • High

  • Medium

  • Low

  • Info

  • It is possible to select several severities

  • Default values - High, Medium

State (Optional)

To decrease the number of issues created in Azure Boards, also specify the state of a vulnerability that triggers the Feedback App.

In conjunction with the severity, this makes the setting more precise.

  • To Verify

  • Confirmed

  • Urgent

  • Proposed Not Exploitable

  • Not Exploitable

  • It is possible to select several states

  • Default values - Confirmed, Urgent, Proposed Not Exploitable, To Verify

Azure_Vulnerabilities_Filters.png

Click Next to go to App Credentials screen.

Click Back to return to General Settings screen.

App Credentials

Azure Credentials screen contains all the Azure board connection details.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

URL

Azure URL must contain the organization

For example:

https://dev.azure.com/<organization>/

https://<organization>.visualstudio.com/

Free text

Token

Provide a Personal Access Token (PAT) for authenticating into Azure DevOps. For Microsoft instructions on creating a PAT, refer to this link.

Free text

Azure_App_Credentils1.png

Click Test Connection

Note

Once the connection is successful, a Project field will be added.

All the Azure board projects will be automatically fetched and presented in the drop-down list.

Azure_App_Credentils2.png

Click Next to go to App Configuration screen.

Click Back to go to Vulnerabilities Filters screen.

App Configuration

Azure Configuration screen contains all the Azure board details. In this screen users configure the filters for the Bug Tracking Service - in this case Azure.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Issue-type

The type of an issue that will be created in Azure Boards when a Checkmarx scan detects a vulnerability with the severity and, optionally, state that you specified in the Vulnerabilities Filters section.

Dynamic list

All the Azure issue types are automatically fetched and presented in the drop-down list.

Open-status

The status automatically assigned to an issue that the Feedback App creates in Azure Board.

Dynamic list

  • All the Azure Open statuses are automatically fetched and presented in the drop-down list.

  • It is possible to configure several statuses.

Close-status

The status automatically assigned when an issue that the Feedback App created in Azure Boards is closed.

Dynamic list

  • All the Azure Close statuses are automatically fetched and presented in the drop-down list.

  • It is possible to configure several statuses.

Tags (Optional)

The tag(s) automatically assigned to an issue that the Feedback App creates in Azure Boards.

Free text

Open-transition

If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened with this status.

Free text

  • Only 1 status can be configured.

  • Must be exactly as it exists in Azure.

Warning

Any mistake in the Open-transition status characters will cause an error

Close-transition

If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened.

When the issue is resolved, the reopened ticket will be closed with this status.

Free text

  • Only 1 status can be configured.

  • Must be exactly as it exists in Azure.

Warning

Any mistake in the Close-transition status characters will cause an error

Azure_App_Configuration.png

Click Next to go to Priorities Mapping screen.

Click Back to go to App Credentials screen.

Priorities Mapping

Azure Priorities Mapping is used for mapping Checkmarx One vulnerability severity to the corresponding Azure priority.

Note

Azure priorities are configured as numbers from 1 to 4.

For more information about Azure priorities see Azure Priorities

Field

Description

Optional Values

Notes

Azure Priorities

Select a suitable Azure Boards priority for each vulnerability severity.

To appear in this screen, the severity needs to be selected in the Vulnerabilities Filter section.

Free text

The values are 1-4

Azure_Priorities_Mapping.png

Click Create App

Click Back to go to App Configuration screen.

GitHub Issues

Preconditions

GitHub Issues is a lightweight issue-tracking system that is available in all GitHub repositories.

When you create a GitHub repo, you get GitHub Issues enabled out of the box.

If GitHub Issues is not enabled for the relevant repo, use the below link as a reference to enable it:

Disabling GitHub Issues

In the Select Feedback App screen select GitHub Issues as the Bug Tracking Service.

Select_GitHub_Issues.png

General Settings

GitHub Issues General Setting screen contains basic details for the new Feedback App.

The screen includes the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Feedback App Name

Free text

Description (Optional)

Feedback App description

Free text

Tags (Optional)

Assign tags to a Feedback App

Free text

Tags are very useful for filtering purposes

Click Next to go to Vulnerabilities Filters screen.

Click Back to return to Select Feedback App screen.


Vulnerabilities Filters

GitHub Issues Vulnerabilities Filters screen refers to Checkmarx One filtered scan vulnerabilities results.

In this screen users configure the filters for the Checkmarx One scan vulnerabilities results. The results will be sent to the configured GitHub Issues board.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Severity

The severity level of a vulnerability that triggers the Feedback App.

  • High

  • Medium

  • Low

  • Info

  • It is possible to select several severities.

  • Default values - High, Medium

State (Optional)

To decrease the number of issues created in GitHub Issues, also specify the state of a vulnerability that triggers the Feedback App.

In conjunction with the severity, this makes the setting more precise.

  • To Verify

  • Confirmed

  • Urgent

  • Proposed Not Exploitable

  • Not Exploitable

  • It is possible to select several states.

  • Default values - Confirmed, Urgent, Proposed Not Exploitable, To Verify

GitHub_Issues_Vulnerabilities_Filters.png

Click Create App

Click Back to return to General Settings screen.