DAST (Sites) Configuration

Select Configure DAST Settings to set your default reporter and assignee, map assets or groups to JIRA® projects, and map ticket priority to Sentinel ratings. The settings for each are broadly comparable, but some specifics will be called out where relevant.

To configure the WhiteHat Sentinel Cloud Plugin for JIRA®, perform the following steps:

  1. Click DAST (Sites) Configuration.

  2. Set the default JIRA® assignee for a given asset (site or application) and associated JIRA® project. (This will map these assets to the JIRA® project(s) in question.) To set default assignees by group rather than asset, select the Sentinel Groups radio button. In this case, all assets in a group will be associated with the JIRA® project selected.

Mapping Configuration

  1. Select an asset from the list of DAST Assets.

  2. Select a project from the Projects list to assign.

    The autocomplete for some fields might not populate until you enter an exact match. This is due to an Atlassian limitation.
  3. Type the name or email of your Jira User Reporter in the search bar provided and then select them from the list.

  4. Type the name or email of your Jira User to assign in the search bar provided and then select them from the list.

  5. Select the Jira Issue Type from the drop down list.

  6. The value of Jira Issue Status for OPEN Issues is automatically set, based on the Jira project workflow. This Select box is disabled and manual change is not possible.

  7. Set Jira Issue Transition For Closed Issues to the status you want Jira Tickets to have when the plugin closes them (for example, Done, In Review, or Closed). These values can be different, depending on the selected Jira Issue Type.

  8. You can create Custom Issue Labels, which apply to each Jira Issue in the selected Jira Project.

  9. If you want to map your DAST assets to multiple Jira Projects, you can add another Mapping Configuration by clicking the Add Mapping Configuration button. To configure another Mapping Configuration, follow the previous steps (1-8).

  10. To remove a Mapping Configuration, click Remove Mapping Configuration. It is not possible to remove the first Mapping Configuration. If you don't want the DAST integration to run, disable DAST integration in the Basic Configuration tab.

  11. Click Save All Mapping Configurations. If saving was successful, a message will appear. If the message does not appear, refer to the Monitoring/Debugging section.

Allow only vulnerabilities with tags

  1. In the text box, define one or more tags. Only DAST assets that include the defined tag/s will be processed by the plugin.

    If the input is empty and does not contain any tag/s, all selected DAST assets will be processed.
  2. To save changes, click Add Tag/s. If saving was successful, a message will appear. If the message does not appear, refer to the Monitoring/Debugging section.

Authorize Jira Groups to View/Interact Vulnerability Content (Retesting, TRC Team Responses, Add note and tag, and Submit Questions)

  1. Select one or more Jira User Groups to authorize to view the retesting status of an asset/vulnerability and TRC team responses. These groups are also authorized to Add Notes and Tag/s and Submit Questions related to the specific vulnerability opened in the Jira Issue view.

  2. Click Authorize Groups. If saving was successful, a message will appear. If the message does not appear, refer to the Monitoring/Debugging section.

Customize Jira Issue

  1. Click Customize Jira Issue.

  2. Edit the Customize Jira Issue Summary text field.

  3. Edit the Customize Jira Issue Description text field.

  4. When you have completed configuration for DAST (Sites) according to your preferences, click Save Customization.

  5. To restore the default values, click Restore default values.

You must click Save Customization after selecting Restore default values to keep the default values.