
Bug Tracking Services

The following Bug Tracking Services are supported via Feedback App feature:

Jira

In the Select Feedback App screen select Jira as the Bug Tracking Service.


Jira Authentication

Checkmarx One supports both Jira cloud and Jira on-prem integrations.

Notice

For Jira on-prem integration, it is possible to add the Checkmarx One external IP addresses to the customer firewall whitelist. For more information, see Checkmarx One External IP's List.

Jira authentication is performed according to the following table:

| Jira Version | Authentication Method |
| --- | --- |
| Jira cloud | Email + Token |
| Jira Core 8.14 and later (on-prem) | Email + Token |
| Jira Software 8.14 and later (on-prem) | Email + Token |
| Jira Service Management 4.15 and later (on-prem) | Email + Token |
| Jira on-prem lower than the above versions | Username + Password |

Jira Limitations

The below table presents Jira limitations.

| Limitation | Notes |
| --- | --- |
| Need to add project id and not name | Update planned |
| Can’t add a label-prefix | Update planned |
| Can’t change JIRA title in JIRA | |
| Can’t add mandatory fields to the wizard | Planned to be implemented with dynamic Jira manifest |
| Can’t customize summary format | Not planned |

General Settings

Jira General Setting screen contains basic details for the new Feedback App.

The screen includes the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Feedback App Name

Free text

Description (Optional)

Feedback App description

Free text

Tags (Optional)

Assign tags to a Feedback App

Free text

Tags are very useful for filtering purposes

Click Next to go to Vulnerabilities Filters screen.

Click Back to return to Select Feedback App screen.


Vulnerabilities Filters

Jira Vulnerabilities Filters screen refers to Checkmarx One filtered scan vulnerabilities results.

In this screen, users configure the filters for the Checkmarx One scan vulnerabilities results. The results will be sent to the configured Jira board.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Severity

The severity level of a vulnerability that triggers the Feedback App.

  • High

  • Medium

  • Low

  • Info

  • It is possible to select several severities

  • Default values - High, Medium

State (Optional)

To decrease the number of issues created in Azure Boards, specify also the state of a vulnerability that triggers the Feedback App.

In conjunction with the severity, this makes the setting more precise.

  • To Verify

  • Confirmed

  • Urgent

  • Proposed Not Exploitable

  • Not Exploitable

  • It is possible to select several states

  • Default values - Confirmed, Urgent, Proposed Not Exploitable, To Verify


Click Next to go to App Credentials screen.

Click Back to return to General Settings screen.

App Credentials

App Credentials screen contains all the Jira board connection details.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

URL

Jira main URL

For example: https://checkmarx.atlassian.net/

Free text

Email / Username

Jira Email / Username

Free text

  • Jira cloud based: Email

  • Jira on-prem: Username

Jira Authentication

Token / Password

Jira Token / Password

Free text

  • Jira cloud based: Token

  • Jira on-prem: Password

Jira Authentication


Click Test Connection

Note

  • Once the connection is successful, a "Project" field will be added.

  • All the Jira board projects will be automatically fetched and presented in the drop-down list.


Click Next to go to App Credentials screen.

Click Back to return to Vulnerabilities Filters screen.

App Configuration

App Configuration screen contains all the Jira board details. In this screen, users configure the filters for the Bug Tracking Service - in this case Jira.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Issue-type

The type of an issue that will be created in Jira Board when a Checkmarx scan detects a vulnerability with the severity and, optionally, state that you specified in the Vulnerabilities Filters section.

Dynamic list

All the Jira issue types are automatically fetched and presented in the drop-down list.

Open-status

The status automatically assigned to an issue that the Feedback App creates in Jira Board.

Dynamic list

  • All the Jira Open statuses are automatically fetched and presented in the drop-down list.

  • It is possible to configure several statuses.

Close-status

The status automatically assigned when an issue that the Feedback App created in Azure Boards is closed.

Dynamic list

  • All the Jira Close statuses are automatically fetched and presented in the drop-down list.

  • It is possible to configure several statuses.

Labels (Optional)

Configure which Jira labels will be assigned to the opened Jira tickets

Free text

Open-transition

If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened with this status.

Free text

  • Only 1 status can be configured.

  • Must be exactly as it exists in Jira.

Warning

Any mistake in the Open-transition status characters will cause an error

Close-transition

If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened.

When the issue is resolved, the reopened ticket will be closed with this status.

Free text

  • Only 1 status can be configured.

  • Must be exactly as it exists in Jira.

Warning

Any mistake in the Close-transition status characters will cause an error

Due-date (Optional)

The due date for the Jira tickets that will be opened.

  • 1 week

  • 2 weeks

  • 1 month

  • 2 months

  • 3 months

Click Next to go to Priorities Mapping screen.

Click Back to go to App Credentials screen.
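
A pre-flight check for the values entered in the Jira wizard, as an added example that is not Checkmarx code: it applies the version thresholds from the authentication table and compares the Open-transition and Close-transition values with the project's status names character for character. The config keys, the sample statuses and the strict comparison are assumptions made for the illustration.

```python
import re

# Lowest on-prem versions that use Email + Token, per the authentication table.
TOKEN_MIN = {"core": (8, 14), "software": (8, 14), "service management": (4, 15)}

def parse_version(text):
    """Turn '8.14.1' into (8, 14, 1); reject anything that is not dotted digits."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a Jira version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def auth_method(deployment, product=None, version=None):
    """Credential pair the table assigns to this Jira instance."""
    if deployment == "cloud":
        return "Email + Token"
    minimum = TOKEN_MIN[product.lower()]
    # Pad to major.minor so "9" is read as 9.0, then compare with the threshold.
    major_minor = (parse_version(version) + (0,))[:2]
    return "Email + Token" if major_minor >= minimum else "Username + Password"

def check_transition(configured, jira_statuses):
    """Return None on an exact match, otherwise a message explaining the mismatch."""
    if configured in jira_statuses:
        return None
    folded = configured.strip().casefold()
    near = [s for s in jira_statuses if s.strip().casefold() == folded]
    if near:
        return f"{configured!r} differs from {near[0]!r} only in case or spacing"
    return f"{configured!r} is not a status of this project"

def preflight(config, jira_statuses):
    """Collect every problem found in a planned Feedback App configuration."""
    problems = []
    expected = auth_method(config["deployment"], config.get("product"), config.get("version"))
    if config["auth"] != expected:
        problems.append(f"auth should be {expected}, not {config['auth']}")
    for field in ("open_transition", "close_transition"):
        message = check_transition(config[field], jira_statuses)
        if message:
            problems.append(f"{field}: {message}")
    return problems

# Constructed sample: hypothetical config keys and status names, not real data.
SAMPLE_STATUSES = ["To Do", "In Progress", "Done"]
SAMPLE_CONFIG = {"deployment": "on-prem", "product": "Software", "version": "8.13.2",
                 "auth": "Email + Token", "open_transition": "to do", "close_transition": "Done"}

if __name__ == "__main__":
    print(preflight(SAMPLE_CONFIG, SAMPLE_STATUSES))
```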

Priorities Mapping

Jira Priorities Mapping is used for mapping Checkmarx One vulnerability severity to the corresponding Azure priority.

Field

Description

Optional Values

Notes

Jira Priorities

Select a suitable Azure Boards priority for each vulnerability severity.

To appear in this screen, the severity needs to be selected in the Vulnerabilities Filter section.

Free text


Click Create App

Click Back to return to App Credentials screen.

Azure

In the Select Feedback App screen select Azure as the Bug Tracking Service.


General Settings

General Setting screen contains basic details for the new Feedback App.

The screen includes the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Feedback App Name

Free Text

Description (Optional)

Feedback App description

Free Text

Tags (Optional)

Assign tags to a Feedback App

Free Text

Tags are very useful for filtering purposes


Click Next to go to Vulnerabilities Filters screen.

Click Back to return to Select Feedback App screen.

Azure Vulnerabilities Filters

Azure Vulnerabilities Filters screen refers to Checkmarx One filtered scan vulnerabilities results.

In this screen, users configure the filters for the Checkmarx One scan vulnerabilities results. The results will be sent to the configured Azure board.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Severity

The severity level of a vulnerability that triggers the Feedback App.

  • High

  • Medium

  • Low

  • Info

  • It is possible to select several severities

  • Default values - High, Medium

State (Optional)

To decrease the number of issues created in Azure Boards, specify also the state of a vulnerability that triggers the Feedback App.

In conjunction with the severity, this makes the setting more precise.

  • To Verify

  • Confirmed

  • Urgent

  • Proposed Not Exploitable

  • Not Exploitable

  • It is possible to select several states

  • Default values - Confirmed, Urgent, Proposed Not Exploitable, To Verify


Click Next to go to App Credentials screen.

Click Back to return to General Settings screen.

App Credentials

Azure Credentials screen contains all the Azure board connection details.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

URL

Azure URL must contain the organization

For example:

https://dev.azure.com/<organization>/

https://<organization>.visualstudio.com/

Free text

Token

Provide a Personal Access Token (PAT) for authenticating into Azure DevOps. For Microsoft instructions on creating a PAT, refer to this link.

Free text


Click Test Connection

Note

Once the connection is successful, a Project field will be added.

All the Azure board projects will be automatically fetched and presented in the drop-down list.


Click Next to go to App Configuration screen.

Click Back to go to Vulnerabilities Filters screen.

App Configuration

Azure Configuration screen contains all the Jira board details. In this screen, users configure the filters for the Bug Tracking Service - in this case Azure.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Issue-type

The type of an issue that will be created in Azure Boards when a Checkmarx scan detects a vulnerability with the severity and, optionally, state that you specified in the Vulnerabilities Filters section.

Dynamic list

All the Jira issue types are automatically fetched and presented in the drop-down list.

Open-status

The status automatically assigned to an issue that the Feedback App creates in Azure Board.

Dynamic list

  • All the Jira Open statuses are automatically fetched and presented in the drop-down list.

  • It is possible to configure several statuses.

Close-status

The status automatically assigned when an issue that the Feedback App created in Azure Boards is closed.

Dynamic list

  • All the Jira Close statuses are automatically fetched and presented in the drop-down list.

  • It is possible to configure several statuses.

Tags (Optional)

The tag(s) automatically assigned to an issue that the Feedback App creates in Azure Boards.

Free text

Open-transition

If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened with this status.

Free text

  • Only 1 status can be configured.

  • Must be exactly as it exists in Azure.

Warning

Any mistake in the Close-transition status characters will cause an error

Close-transition

If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened.

When the issue is resolved, the reopened ticket will be closed with this status.

Free text

  • Only 1 status can be configured.

  • Must be exactly as it exists in Azure.

Warning

Any mistake in the Close-transition status characters will cause an error


Click Next to go to Priorities Mapping screen.

Click Back to go to App Credentials screen.

Priorities Mapping

Azure Priorities Mapping is used for mapping Checkmarx One vulnerability severity to the corresponding Azure priority.

Note

Azure priorities are configured using 1-4 numbers.

Field

Description

Optional Values

Notes

Azure Priorities

Select a suitable Azure Boards priority for each vulnerability severity.

To appear in this screen, the severity needs to be selected in the Vulnerabilities Filter section.

Free text

The values are 1-4


Click Create App

Click Back to go to App Configuration screen.
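
A check of the two Azure inputs that are typed as free text, the URL that must contain the organization and the 1-4 priority chosen for each selected severity, as an added example that is not Checkmarx code. The function names, the https requirement, the reading of the visualstudio.com form as an organization subdomain, and the sample organization `contoso` are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

SEVERITIES = ("High", "Medium", "Low", "Info")
LEGACY_SUFFIX = ".visualstudio.com"

def azure_organization(url):
    """Return the organization named in an Azure DevOps URL, or raise ValueError."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    # Assumption: only https is accepted, as in both example URLs on the page.
    if parts.scheme != "https":
        raise ValueError("the URL must use https")
    if host == "dev.azure.com":
        # dev.azure.com form: the first path segment is the organization.
        segments = [s for s in parts.path.split("/") if s]
        if not segments:
            raise ValueError("the URL names no organization after dev.azure.com")
        return segments[0]
    if host.endswith(LEGACY_SUFFIX):
        # visualstudio.com form: the subdomain is the organization.
        organization = host[: -len(LEGACY_SUFFIX)]
        if organization:
            return organization
    raise ValueError(f"{host!r} is not an Azure DevOps host with an organization")

def check_priorities(selected_severities, mapping):
    """Every severity selected in the filters needs one priority in the range 1-4."""
    problems = []
    for severity in selected_severities:
        if severity not in SEVERITIES:
            problems.append(f"{severity}: not a Checkmarx One severity")
        elif severity not in mapping:
            problems.append(f"{severity}: no priority mapped")
        elif mapping[severity] not in (1, 2, 3, 4):
            problems.append(f"{severity}: priority {mapping[severity]!r} is outside 1-4")
    return problems

if __name__ == "__main__":
    # Constructed sample values.
    print(azure_organization("https://dev.azure.com/contoso/"))
    print(check_priorities(["High", "Medium"], {"High": 1, "Medium": 5}))
```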

GitHub Issues

Preconditions

GitHub Issues is a lightweight issue-tracking system that is available in all GitHub repositories.

When you create a GitHub repo, you get GitHub Issues enabled out of the box.

If GitHub Issues is not enabled for the relevant repo, use the below link as a reference to enable it:

Disabling GitHub Issues

In the Select Feedback App screen select GitHub Issues as the Bug Tracking Service.


General Settings

GitHub Issues General Setting screen contains basic details for the new Feedback App.

The screen includes the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Feedback App Name

Free text

Description (Optional)

Feedback App description

Free text

Tags (Optional)

Assign tags to a Feedback App

Free text

Tags are very useful for filtering purposes

Click Next to go to Vulnerabilities Filters screen.

Click Back to return to Select Feedback App screen.


Vulnerabilities Filters

GitHub Issues Vulnerabilities Filters screen refers to Checkmarx One filtered scan vulnerabilities results.

In this screen, users configure the filters for the Checkmarx One scan vulnerabilities results. The results will be sent to the configured GitHub Issues board.

The screen contains the following fields:

Note

Mandatory fields are marked with a red asterisk.

Field

Description

Optional Values

Notes

Severity

The severity level of a vulnerability that triggers the Feedback App.

  • High

  • Medium

  • Low

  • Info

  • It is possible to select several severities.

  • Default values - High, Medium

State (Optional)

To decrease the number of issues created in Azure Boards, specify also the state of a vulnerability that triggers the Feedback App.

In conjunction with the severity, this makes the setting more precise.

  • To Verify

  • Confirmed

  • Urgent

  • Proposed Not Exploitable

  • Not Exploitable

  • It is possible to select several states.

  • Default values - Confirmed, Urgent, Proposed Not Exploitable, To Verify


Click Create App

Click Back to return to General Settings screen.