Bug Tracking Services
The following Bug Tracking Services are supported via the Feedback App feature:
Jira
Note
The lowest Jira permission level needed to create Jira issues (Bug, Task, Story, etc.) is the Browse projects and Create issues project permissions.
For additional information, see Create Issues and Manage project permissions.
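The minimum permissions named in the note above (Browse projects and Create issues) can be checked against what the integration account actually holds. The following added example, which is not Checkmarx or Atlassian code, audits a response from Jira Cloud's `mypermissions` REST endpoint; the permission keys, the `EXCESSIVE` review list and the sample response are assumptions constructed for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request

# Permissions the page names as the minimum for creating issues (Jira Cloud keys).
REQUIRED = {"BROWSE_PROJECTS", "CREATE_ISSUES"}
# Assumed review list: grants an issue-creating service account should not need.
EXCESSIVE = {"ADMINISTER", "ADMINISTER_PROJECTS", "DELETE_ISSUES"}


def fetch_permissions(base_url, email, api_token, project_key):
    """Query Jira Cloud's mypermissions endpoint with Basic auth (email + API token)."""
    query = urllib.parse.urlencode(
        {"projectKey": project_key, "permissions": ",".join(sorted(REQUIRED | EXCESSIVE))}
    )
    req = urllib.request.Request(f"{base_url.rstrip('/')}/rest/api/3/mypermissions?{query}")
    cred = base64.b64encode(f"{email}:{api_token}".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    req.add_header("Accept", "application/json")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit_permissions(response):
    """Return (missing required keys, excessive keys held) from a mypermissions body."""
    held = {
        key for key, entry in response.get("permissions", {}).items()
        if entry.get("havePermission") is True
    }
    return sorted(REQUIRED - held), sorted(EXCESSIVE & held)


# Constructed sample response (not captured from a real instance).
SAMPLE = {
    "permissions": {
        "BROWSE_PROJECTS": {"key": "BROWSE_PROJECTS", "havePermission": True},
        "CREATE_ISSUES": {"key": "CREATE_ISSUES", "havePermission": True},
        "DELETE_ISSUES": {"key": "DELETE_ISSUES", "havePermission": True},
        "ADMINISTER_PROJECTS": {"key": "ADMINISTER_PROJECTS", "havePermission": False},
    }
}

if __name__ == "__main__":
    missing, excessive = audit_permissions(SAMPLE)
    print("missing:", missing, "excessive:", excessive)
```

An empty `missing` list means the account can create issues; anything in `excessive` is a grant to review before storing the account's token in the Feedback App.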
In the Select Feedback App screen select Jira as the Bug Tracking Service.
Jira Authentication
Checkmarx One supports both Jira cloud and Jira on-prem integrations.
Notice
For Jira on-prem integration, it is possible to add the Checkmarx One external IP addresses to the customer FW whitelist. For more information, see Checkmarx One External IP's List.
Jira authentication is performed according to the following table:
Jira Version | Authentication Method |
---|---|
Jira cloud | Username + API Token |
Jira Core 8.14 and later (on-prem) | Username + Token |
Jira Software 8.14 and later (on-prem) | Personal Access Token |
Jira Service Management 4.15 and later (on-prem) | Username + Token |
Jira on-prem lower than the above versions | Username + Password |
Jira Limitations
The table below lists the Jira limitations.
Limitation | Notes |
---|---|
Need to add project id and not name | Update planned |
Can’t add a label-prefix | Update planned |
Can’t change JIRA title in JIRA | |
Can’t add mandatory fields to the wizard | Planned to be implemented with dynamic Jira manifest |
Can’t customize summary format | Not planned |
General Settings
The Jira General Settings screen contains the basic details for the new Feedback App.
The screen includes the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
---|---|---|---|
Feedback App Name | Free text | ||
Description (Optional) | Feedback App description | Free text | |
Tags (Optional) | Assign tags to a Feedback App | Free text | Tags are very useful for filtering purposes |
Click Next to go to Vulnerabilities Filters screen.
Click Back to return to Select Feedback App screen.
Vulnerabilities Filters
The Jira Vulnerabilities Filters screen refers to the filtered Checkmarx One scan vulnerability results.
In this screen, users configure the filters for the Checkmarx One scan vulnerability results. The results will be sent to the configured Jira board.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
---|---|---|---|
Severity | The severity level of a vulnerability that triggers the Feedback App. | | |
State (Optional) | To decrease the number of issues created in Azure Boards, specify also the state of a vulnerability that triggers the Feedback App. In conjunction with the severity, this makes the setting more precise. | | |
Click Next to go to App Credentials screen.
Click Back to return to General Settings screen.
App Credentials
The App Credentials screen contains all the Jira board connection details.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
---|---|---|---|
API Token / Personal Access Token | Jira authentication method | | |
URL | Jira main URL. For example: https://checkmarx.atlassian.net/ | Free text | |
Email / Username | Jira Email / Username | Free text | |
Token / Password | Jira Token / Password | Free text | |
Perform the following:
Select the authentication method.
For additional information see Jira Authentication
Fill in the URL, Username & Token fields.
Click Test Connection
Note
Once the connection is successful, a "Project" field will be added.
All the Jira board projects will be automatically fetched and presented in the drop-down list.
Click Next to go to App Credentials screen.
Click Back to return to Vulnerabilities Filters screen.
App Configuration
App Configuration screen contains all the Jira board details. In this screen users configure the filters for the Bug Tracking Service - in this case Jira.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
---|---|---|---|
Issue-type | The type of an issue that will be created in Jira Board when a Checkmarx scan detects a vulnerability with the severity and, optionally, state that you specified in the Vulnerabilities Filters section. | Dynamic list | All the Jira issue types are automatically fetched and presented in the drop-down list. |
Open-status | The status automatically assigned to an issue that the Feedback App creates in Jira Board. | Dynamic list | |
Close-status | The status automatically assigned when an issue that the Feedback App created in Jira Boards is closed. | Dynamic list | |
Labels (Optional) | Configure which Jira labels will be assigned to the opened Jira tickets | Free text | |
Open-transition | If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened with this status. | Free text | Warning: Any mistake in the Open-transition status characters will cause an error. |
Close-transition | If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened. When the issue is resolved, the reopened ticket will be closed with this status. | Free text | Warning: Any mistake in the Close-transition status characters will cause an error. |
Due-date (Optional) | The due date for the Jira tickets that will be opened. | | |
Once the user selects an issue type that has at least one supported additional field, Set additional issue fields checkbox appears.
Additional issue fields provide the option to set the relevant values for Jira custom fields, of which some/all may be required for opening Jira tickets.
For more information about Jira custom fields, see Jira Free Form
Click Next to go to Priorities Mapping screen
Click Back to go to App Credentials screen.
Priorities Mapping
Jira Priorities Mapping is used for mapping Checkmarx One vulnerability severity to the corresponding Jira priority.
Field | Description | Optional Values | Notes |
---|---|---|---|
Jira Priorities | Select a suitable Azure Boards priority for each vulnerability severity. To appear in this screen, the severity needs to be selected in the Vulnerabilities Filter section. | Free text |
Click Create App
Click Back to return to App Credentials screen.
Jira Free Form
The Jira free form feature enhances the support for opening Jira tickets.
It does this by giving the user the option to set the relevant values for Jira custom fields, of which some/all may be required for opening Jira tickets.
The feature also improves the user experience by allowing additional field types to be configured, mandatory or not.
These field types appear on the right side of the Jira project settings, and they are defined per issue type (Bug, Task, Story, etc.).
Checkmarx One supports the following out-of-the-box Jira custom fields:
Short text
Paragraph
Date
Number
Time stamp
Labels
Dropdown
Checkbox
Limitations
Only a Jira user whose role has the Create issues project permission will be able to see the custom fields.
For additional information about Jira permissions, see Create issues in Jira and Jira operation permissions.
Predefined fields that are created using Jira plugins are not supported. As a result, some required Jira fields might not appear in the additional issue fields options.
Azure
In the Select Feedback App screen select Azure as the Bug Tracking Service.
General Settings
The General Settings screen contains the basic details for the new Feedback App.
The screen includes the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
---|---|---|---|
Feedback App Name | Free Text | ||
Description (Optional) | Feedback App description | Free Text | |
Tags (Optional) | Assign tags to a Feedback App | Free Text | Tags are very useful for filtering purposes |
Click Next to go to Vulnerabilities Filters screen.
Click Back to return to Select Feedback App screen.
Azure Vulnerabilities Filters
The Azure Vulnerabilities Filters screen refers to the filtered Checkmarx One scan vulnerability results.
In this screen, users configure the filters for the Checkmarx One scan vulnerability results. The results will be sent to the configured Azure board.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
---|---|---|---|
Severity | The severity level of a vulnerability that triggers the Feedback App. | | |
State (Optional) | To decrease the number of issues created in Azure Boards, specify also the state of a vulnerability that triggers the Feedback App. In conjunction with the severity, this makes the setting more precise. | | |
Click Next to go to App Credentials screen.
Click Back to return to General Settings screen.
App Credentials
The Azure Credentials screen contains all the Azure board connection details.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
---|---|---|---|
URL | Azure URL must contain the organization. For example: https://dev.azure.com/<organization>/ https://<organization>/visualstudio.com/ | Free text | |
Token | Provide a Personal Access Token (PAT) for authenticating into Azure DevOps. For Microsoft instructions on creating a PAT, refer to this link. | Free text |
Click Test Connection
Note
Once the connection is successful, a Project field will be added.
All the Azure board projects will be automatically fetched and presented in the drop-down list.
Click Next to go to App Configuration screen.
Click Back to go to Vulnerabilities Filters screen.
App Configuration
The Azure Configuration screen contains all the Azure board details. In this screen, users configure the filters for the Bug Tracking Service - in this case Azure.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
---|---|---|---|
Issue-type | The type of an issue that will be created in Azure Boards when a Checkmarx scan detects a vulnerability with the severity and, optionally, state that you specified in the Vulnerabilities Filters section. | Dynamic list | All the Azure issue types are automatically fetched and presented in the drop-down list. |
Open-status | The status automatically assigned to an issue that the Feedback App creates in Azure Board. | Dynamic list | |
Close-status | The status automatically assigned when an issue that the Feedback App created in Azure Boards is closed. | Dynamic list | |
Tags (Optional) | The tag(s) automatically assigned to an issue that the Feedback App creates in Azure Boards. | Free text | |
Open-transition | If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened with this status. | Free text | Warning: Any mistake in the Close-transition status characters will cause an error. |
Close-transition | If a vulnerability that was already attended to reoccurs in a next scan, the corresponding ticket will be automatically reopened. When the issue is resolved, the reopened ticket will be closed with this status. | Free text | Warning: Any mistake in the Close-transition status characters will cause an error. |
Click Next to go to Priorities Mapping screen.
Click Back to go to App Credentials screen.
Priorities Mapping
Azure Priorities Mapping is used for mapping Checkmarx One vulnerability severity to the corresponding Azure priority.
Note
Azure priorities are configured using the numbers 1-4.
For more information about Azure priorities, see Azure Priorities.
Field | Description | Optional Values | Notes |
---|---|---|---|
Azure Priorities | Select a suitable Azure Boards priority for each vulnerability severity. To appear in this screen, the severity needs to be selected in the Vulnerabilities Filter section. | Free text | The values are 1-4 |
Click Create App
Click Back to go to App Configuration screen.
GitHub Issues
Preconditions
GitHub Issues is a lightweight issue-tracking system that is available in all GitHub repositories.
When you create a GitHub repo, you get GitHub Issues enabled out of the box.
If GitHub Issues is not enabled for the relevant repo, use the below link as a reference to enable it:
In the Select Feedback App screen select GitHub Issues as the Bug Tracking Service.
General Settings
The GitHub Issues General Settings screen contains the basic details for the new Feedback App.
The screen includes the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
---|---|---|---|
Feedback App Name | Free text | ||
Description (Optional) | Feedback App description | Free text | |
Tags (Optional) | Assign tags to a Feedback App | Free text | Tags are very useful for filtering purposes |
Click Next to go to Vulnerabilities Filters screen.
Click Back to return to Select Feedback App screen.
Vulnerabilities Filters
The GitHub Issues Vulnerabilities Filters screen refers to the filtered Checkmarx One scan vulnerability results.
In this screen, users configure the filters for the Checkmarx One scan vulnerability results. The results will be sent to the configured GitHub Issues board.
The screen contains the following fields:
Note
Mandatory fields are marked with .
Field | Description | Optional Values | Notes |
---|---|---|---|
Severity | The severity level of a vulnerability that triggers the Feedback App. | | |
State (Optional) | To decrease the number of issues created in Azure Boards, specify also the state of a vulnerability that triggers the Feedback App. In conjunction with the severity, this makes the setting more precise. | | |
Click Create App
Click Back to return to General Settings screen.