Issue Tracking

Mend SAST® currently supports Atlassian Jira, Azure DevOps (Work Items), Redmine and GitHub Issues for issue submissions in the Mend SAST® environment. Issues can be submitted for individual vulnerabilities or on the scan level via the triggers that are assigned to an application. Only triggers assigned to applications take effect.

Jira is configured by providing an URL of the Jira deployment (Jira Server or Cloud), a username, password and authentication type. If a Jira token is used, choose the Basic authentication type and enter the token in the password field.

GitHub is configured by providing a name of an organization (or username in case of a user account hosting the repositories) and an access token.

Redmine is configured by providing an URL of the Redmine deployment and an access token.

Azure DevOps is configured by providing a server or organization URL (e.g., https://dev.azure.com/WhiteSource) and a personal access token (PAT).

Triggers enable conditional submission of issues based on the results of a scan. When submitted, the issue will contain the summary of a scan and an attached technical HTML report. To add a new trigger, click on the +ADD button in the upper right corner of the triggers card. Once a trigger is configured and added, it can be used in a scan configuration. The following conditions are available:

Total count of vulnerabilities
High risk vulnerability count
Medium risk vulnerability count
Low risk vulnerability count
Specific vulnerability type
No vulnerabilities found

For Jira and Azure DevOps a project key or a project name and issue type or an item type needs to be set that corresponds to the project where the issue should be submitted.