📙 You will learn
Below are the steps to incorporate the automated defect creation process.
Create a Defect Tracker instance by going to Integrations -> Defect Trackers (refer to the Create Defect Tracker page for more info).
Create a defect profile which fills out all required fields for that configured defect tracker by clicking the “Show Default Profiles” button, then clicking the “Create Profile” button.
Provide a name and product to reference.
Enter and/or select the Defect Defaults details values as desired.
Open the Application Detail page for the application you wish to configure automated defect creation on and select the Top Action Menu -> Manage Defect Trackers -> Edit Defect Trackers.
Click the “Add Defect Tracker” button to select the configured defect tracker you would like associated to this application.
Click the “Change Profile” button to expand all configured profiles for this defect tracker and select a profile to be the default profile (ensure you select a default profile that fills all required fields).
Go to the Manage Policies page under Customize -> Policies.
Select the Defect Reporters tab, click the “Create Defect Reporter” button, and select the criteria for which you would like to auto-create defects.
First, select the Severity you would like automated defects to be created for; this dictates when a defect is created. For example, if you select Severity "High" and choose the "Or Greater" option, a defect will be created any time a new vulnerability is introduced with a High or Critical Severity.
The Group By options let you bundle similar vulnerabilities or severities into a single defect to reduce the potential noise created by a bad check-in or a particularly troubled new feature. Choose between no grouping, bundling by identical CWEs, bundling by identical Severities, or bundling by identical CWEs per severity. If you choose "CWE and Severity", for example, all Critical XSS vulnerabilities would be grouped into a single defect, and all High XSS vulnerabilities would be grouped into a separate defect.
Click the “Applications” button for the policy you just defined.
Start typing the desired application name you wish to add, select it from the drop-down list, and click the 'Add Application' button. Repeat if you want to add more applications.
You'll receive confirmation that the defect tracker was added.
After the above steps, when you upload a scan into the ThreadFix application, ThreadFix will submit defects for new vulnerabilities that meet the specified criteria (i.e., automated defects will not be created for existing vulnerabilities).
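To preview how many defects a given Severity and Group By choice would open for one scan, the following added Python model (not ThreadFix code) applies the criteria described above to constructed findings. The severity scale, the exact-match behaviour when "Or Greater" is not selected, the finding fields and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed severity scale, lowest to highest; the page itself names only High and Critical.
SEVERITY_ORDER = ["Info", "Low", "Medium", "High", "Critical"]

# Group By options described on the page, mapped to the fields that form the bundle key.
GROUP_BY_FIELDS = {
    "None": None,
    "CWE": ("cwe",),
    "Severity": ("severity",),
    "CWE and Severity": ("cwe", "severity"),
}


def meets_severity(finding_severity, threshold, or_greater):
    """True if the finding satisfies the reporter's severity criterion.
    Without "Or Greater" an exact match is assumed."""
    rank = SEVERITY_ORDER.index(finding_severity)
    limit = SEVERITY_ORDER.index(threshold)
    return rank >= limit if or_greater else rank == limit


def plan_defects(findings, threshold, or_greater, group_by):
    """Map each defect (bundle key) to the ids of the findings it would contain."""
    fields = GROUP_BY_FIELDS[group_by]
    bundles = defaultdict(list)
    for f in findings:
        # Only vulnerabilities new in this scan qualify; existing ones are skipped.
        if not f["new"] or not meets_severity(f["severity"], threshold, or_greater):
            continue
        # With no grouping, each finding gets its own defect (keyed by its id).
        key = (f["id"],) if fields is None else tuple(f[name] for name in fields)
        bundles[key].append(f["id"])
    return dict(bundles)


# Constructed scan results (CWE-79 is XSS, CWE-89 is SQL injection).
SAMPLE_FINDINGS = [
    {"id": 1, "cwe": 79, "severity": "Critical", "new": True},
    {"id": 2, "cwe": 79, "severity": "Critical", "new": True},
    {"id": 3, "cwe": 79, "severity": "High", "new": True},
    {"id": 4, "cwe": 89, "severity": "High", "new": True},
    {"id": 5, "cwe": 79, "severity": "Medium", "new": True},     # below threshold
    {"id": 6, "cwe": 89, "severity": "Critical", "new": False},  # already known
]

if __name__ == "__main__":
    for option in GROUP_BY_FIELDS:
        plan = plan_defects(SAMPLE_FINDINGS, "High", True, option)
        print(f"{option}: {len(plan)} defect(s) -> {plan}")
```

Running it against an export of a noisy scan shows how much each Group By option reduces ticket volume before you commit to a policy.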