Ticketing and issue tracking
The Veracode integrations for ticketing and issue-tracking systems enable you to automatically create tickets and merge them into defect backlogs.
The tickets contain information about the production-level and sandbox vulnerabilities identified during Veracode application security scans. These tickets are then managed like all application bugs or defects and are automatically given a severity, assigned to developers, and prioritized.
Veracode APIs and integrations require access to specific Region Domains, depending on the region for your Veracode account. Contact your IT team to ensure the correct domains for your region are on the allowlist for your organization. Also, ensure that there is one-way communication on port 443 to the domain for the REST APIs. Refer to the complete list of domains and IP addresses to add to your allowlist.
To learn more about these integrations and interact with other users, visit the Community forum.
To keep the status of imported findings in your ticketing system in sync with the status of the actual findings in the Veracode Platform, you must routinely run the integration.
Veracode integrates with the following ticketing and issue-tracking systems:
Asana
To import and manage findings in Asana with an extension, see Ticketing integrations.
Integration type: Community
Azure DevOps
To import and manage findings in Azure DevOps with an extension, see Azure DevOps Extension.
Integration type: Veracode-Authored
Bugzilla
To import and manage findings in Bugzilla with the Java API wrapper, see Bugzilla.
Integration type: Veracode-Authored
DefectDojo
To import Dynamic Analysis vulnerabilities from DAST Essentials and manage them in DefectDojo, see DAST Essentials.
Integration type: Community
Jira
Select from the following integrations:
- Veracode Integration for Jira to import and manage findings with a plugin.
- DAST Essentials to import and manage Dynamic Analysis vulnerabilities from DAST Essentials.
Integration type: Veracode-Authored
Jira Cloud
Select from the following integrations:
- Veracode Integration for Jira Cloud to import and manage findings with a plugin.
- DAST Essentials to import and manage Dynamic Analysis vulnerabilities from DAST Essentials.
- SCA Agent to create issues for SCA vulnerabilities in the Veracode Platform.
Integration type: Veracode-Authored
ServiceNow
To import and manage findings in ServiceNow, download the extension Vulnerability Response Integration with Veracode from the ServiceNow Store. To use this extension, your Veracode account must have access to the Reporting API.
Integration type: Partner