📙 You will learn
Prerequisites
Audience: IT Professional or End User
Difficulty: Basic, Intermediate or Advanced
Time needed: Approximately __ minutes
Tools required: If any
This section outlines the ThreadFix Defect Tracker (tool) support.
Introduction
ThreadFix supports Defect Trackers, this involves two primary functions. The first is to bundle and export ThreadFix vulnerabilities into the tracker's defect format. The second is to get the current status of the defect from the tracker and update the ThreadFix vulnerabilities.
Supported Defect Trackers
ThreadFix currently supports these Defect Trackers:
Suggested if we support it : Micro Focus Quality Center (formerly HP Quality Center, this has been removed from HP’s website)
Microsoft Team Foundation Server (TFS), Visual Studio Team Service (VSTS), and Azure DevOps
Bugzilla
Bugzilla is a popular open-source defect tracking system created by the Mozilla Foundation, the developers of Firefox. The Bugzilla website has more information about its features and installation.
HP Quality Center (acquired by Micro Focus)
This no longer seems to exist, not on HP’s website and support for it seems to be gone too. Seems to have been replaced with https://www.microfocus.com/en-us/products/alm-quality-center/overview any suggestions?
Hewlett-Packard's Quality Center is quality management software featuring defect and requirements tracking. It is available as a free, open-source Community Edition or as a paid Enterprise version. The Enterprise version has an expanded feature set and technical support. Installation of HPQC Enterprise can be on premise, or is available in a SaaS implementation. More information regarding HP Quality Center is available on the HP website.
JIRA
Atlassian's JIRA is a project management and issue tracking application, geared toward agile development. Users can install JIRA on their own server, or use a hosted, SaaS solution. More information is available on the Atlassian website. OAuth is supported in ThreadFix for JIRA.
To be able to submit defects, the JIRA user account must have these permissions: Browse Projects, Create Issues, Assign Issues and, if the project does not allow non-assigned issues, at least one user must have the Assignable User permission.
ThreadFix leverages JIRA’s Status and Status Category* fields to determine if a defect is Open (red) or Closed (green). Note: If the Status Category is available, ThreadFix prioritizes it over Status.
JIRA has three status categories: To Do, In Progress, and Done. If a defect has a Status Category of “Done”, it is considered Closed in ThreadFix. The status of “Resolved” falls under the “Done” category.
JIRA allows users to create and map various statuses to different categories but does not allow users to create new categories.
Microsoft Visual Studio Team Foundation Server / VSTS
Microsoft's Visual Studio Team Foundation Server is a version control and project management platform aimed at developing Windows applications. This application shares the same API as Visual Studio Team Services. More details about Team Foundation Server are on Microsoft's website. For info on how to configure security on the VSTS side, see the corresponding section at the bottom of this article.
VersionOne
VersionOne is an Application Lifecycle Management platform, designed with agile and lean development methodologies as its focus. Read more about its features and capabilities on the VersionOne website.
IBM Rational ClearQuest
IBM Rational ClearQuest is a database workflow application development and production system. You can read more about its features on the IBM Rational ClearQuest website.
Rally (CA Agile Central)
Rally (now CA Agile Central) is an enterprise-class platform that's purpose-built for scaling agile development practices. It provides a hub for teams to collaboratively plan, prioritize and track work on a synchronized cadence. You can read more about its features and capabilities on the CA Technologies website.