Below are the steps to incorporate the automated defect creation process.
Create a Defect Tracker instance by going to Integrations -> Defect Trackers (refer to the Create Defect Tracker page for more info).
Create a defect profile which fills out all required fields for that configured defect tracker by clicking the “Show Default Profiles” button, then clicking the “Create Profile” button.
Open the Application Detail page for the application you wish to configure automated defect creation on and select the Top Action Menu -> Manage Defect Trackers -> Edit Defect Trackers.
Click the “Add Defect Tracker” button to select the configured defect tracker you would like associated with this application.
Click the “Change Profile” button to expand all configured profiles for this defect tracker and select a profile to be the default profile (ensure you select a default profile that fills all required fields).
Go to the Manage Policies page under Customize -> Policies.
Select the Defect Reporters tab, click the “Create Defect Reporter” button and select the criteria for which you would like to auto-create defects.
First, select the Severity for which automated defects should be created; this dictates when a defect is created. For example, if you select Severity "High" and choose the "Or Greater" option, a defect will be created anytime a new vulnerability is introduced with a High or Critical Severity.
The Group By options let you bundle similar vulnerabilities or severities into a single defect to reduce the potential noise created by a bad check-in or a particularly troubled new feature. Choose between no grouping, bundling by identical CWEs, bundling by identical Severities, or bundling by identical CWEs per severity. If you choose "CWE and Severity", for example, all Critical XSS vulnerabilities would be grouped into a single defect, with all High XSS vulnerabilities grouped into a separate defect.
Click the “Applications” button for the policy you just defined.
Start typing the name of the application you wish to add, select it from the drop-down list, and click the 'Add Application' button. Repeat if you want to add more applications.
You'll receive confirmation that the defect tracker was added.
After the above steps, when you upload a scan into the ThreadFix application, ThreadFix will submit defects for new vulnerabilities that meet the specified criteria (i.e., automated defects will not be created for existing vulnerabilities).
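A small model of the Defect Reporter criteria described above, added here as an illustration (it is not ThreadFix code): it applies the Severity threshold and the Group By choice to a constructed scan and returns the defects that would be filed. The function names, the `group_by` labels, and the severity ordering below High are assumptions.

```python
from collections import defaultdict

# Assumed severity ordering, lowest to highest (the page only names High and Critical).
SEVERITY_ORDER = ["Info", "Low", "Medium", "High", "Critical"]

# Hypothetical labels for the four Group By choices described above.
GROUP_KEYS = {
    "none": lambda v: v["id"],                       # one defect per vulnerability
    "cwe": lambda v: v["cwe"],                       # identical CWEs together
    "severity": lambda v: v["severity"],             # identical severities together
    "cwe_and_severity": lambda v: (v["cwe"], v["severity"]),
}


def meets_threshold(severity, selected, or_greater):
    """True if a finding's severity satisfies the reporter's Severity setting."""
    rank = SEVERITY_ORDER.index
    if or_greater:
        return rank(severity) >= rank(selected)
    return severity == selected


def plan_defects(vulns, selected="High", or_greater=True, group_by="none"):
    """Return {group key: [vulnerability ids]}; each key stands for one defect."""
    if group_by not in GROUP_KEYS:
        raise ValueError(f"unknown group_by: {group_by!r}")
    defects = defaultdict(list)
    for v in vulns:
        # Only vulnerabilities new in this scan are eligible; existing ones are skipped.
        if v["new"] and meets_threshold(v["severity"], selected, or_greater):
            defects[GROUP_KEYS[group_by](v)].append(v["id"])
    return dict(defects)


# Constructed sample scan (not real findings). CWE-79 is XSS, CWE-89 is SQL injection.
SAMPLE_SCAN = [
    {"id": 1, "cwe": 79, "severity": "Critical", "new": True},
    {"id": 2, "cwe": 79, "severity": "Critical", "new": True},
    {"id": 3, "cwe": 79, "severity": "High", "new": True},
    {"id": 4, "cwe": 89, "severity": "High", "new": True},
    {"id": 5, "cwe": 79, "severity": "Medium", "new": True},     # below threshold
    {"id": 6, "cwe": 89, "severity": "Critical", "new": False},  # already known
]

if __name__ == "__main__":
    for mode in GROUP_KEYS:
        plan = plan_defects(SAMPLE_SCAN, "High", True, mode)
        print(f"{mode:17} -> {len(plan)} defect(s): {plan}")
```

Running it against the sample shows the noise trade-off: four defects with no grouping, three with "CWE and Severity", and two with either CWE-only or Severity-only grouping.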