Field Mapping
Field mapping determines what field in Veracode is copied to what field in Rally and is performed through XSLT (Extensible Stylesheet Language Transformations). Using the veracode2rally.xsl file located in the resources folder and the Veracode Detailed Flaw Report (detailedreport.xml), a new XML file (veracode2rally.xml) is generated for each application. This is the file that Veracode2Rally uses for calling Rally APIs to create and update tickets. Documentation for veracode2rally.xsl is available to customize Veracode2Rally field mapping and can be viewed here.
Below is the default Veracode2Rally field mapping configuration. Veracode2rallyID is a unique identifier and should not be deleted but can be mapped to another Rally field. Run the veracode2rally_Config utility and enter the field name designated to be the Unique ID in the “Unique ID” text box. Instructions on how to use this utility is available in the QuickStart guide.
Veracode | Rally |
---|---|
categoryname | name |
issueid (Veracode Flaw ID) | description |
cweid (CWE) | description |
module (Module) | description |
sourcefile/line (Source) | description |
type (Attack Vector) | description |
severity (Severity) | description |
exploitLevel (Exploitability) | description |
remediationeffort (Effort to Fix) | description |
description (Description/Remediation) | description |
veracode2rallyID (veracode2rally ID) | description |
Read more: