SAST (Applications) Configuration

Select Configure SAST Settings to set your default reporter and assignee, map assets or groups to JIRA® projects, and map ticket priority to Sentinel ratings. The settings for each are broadly comparable, but some specifics will be called out where relevant.

To configure the WhiteHat Sentinel Cloud Plugin for JIRA®, perform the following steps:

  1. Click SAST (Applications) Configuration.

  2. Set the default JIRA® assignee for a given asset (site or application) and associated JIRA® project. (This will map these assets to the JIRA® project(s) in question.) To set default assignees by group rather than asset, select the Sentinel Groups radio button. In this case, all assets in a group will be associated with the JIRA® project selected.

Mapping Configuration

  1. Select an asset from the list of SAST Assets.

  2. Select a project from the Projects list to assign.

    The autocomplete for some fields might not populate until you enter an exact match. This is due to an Atlassian limitation.
  3. Type the username of your Jira User Reporter in the search bar provided and then select them from the list.

  4. Type the username of your Jira User to assign in the search bar provided and then select them from the list.

  5. Select the Jira Issue Type from the drop-down list.

  6. Jira Issue Status for OPEN Issues: this value is set automatically, based on the Jira project workflow. The select box is disabled and cannot be changed manually.

  7. Select a Jira Issue Transition For Closed Issues. In this select box you can choose the status of Jira Tickets when the plugin closes the Jira Ticket (Done, In Review, Closed). These values can differ depending on the selected Jira Issue Type.

  8. You can create Custom Issue Labels, which apply to each Jira Issue in the selected Jira Project.

  9. If you wish to remove a Mapping Configuration, click Remove Mapping Configuration. It is now possible to remove or save the first Mapping Configuration. If you don’t want SAST integration to run, simply disable SAST integration in the Basic Configuration tab.

  10. If you want to map your SAST assets to multiple Jira Projects, you can add another Mapping Configuration by clicking the Add Mapping Configuration button. To configure another Mapping Configuration, follow the previous steps (1-8).

  11. After finishing your configuration and adding or removing Mapping Configurations, save the configuration by clicking Save All Mapping Configurations. If saving was successful, a message will appear. If the message does not appear, refer to the Monitoring/Debugging section.

Allow only vulnerabilities with tags

  1. In the text box, type the tag/s you want to define. Only SAST vulnerabilities that include the defined tag/s will be processed by the plugin.

    If the input is empty and does not contain any tag/s, all selected SAST assets will be processed.
  2. To save changes, click Add Tag/s. If saving is successful, a message should appear. If the message does not appear, refer to the Monitoring/Debugging section.

Authorize Jira Groups to View/Interact Vulnerability Content (Retesting, TRC Team Responses, Add note and tag, and Submit Questions)

  1. Select one or more Jira User Groups that will be authorized to view the retesting status of an asset/vulnerability and TRC team responses. These groups are authorized to Add Notes and Tag/s and Submit Questions related to the specific vulnerability opened in the Jira Issue view.

  2. After adding or removing groups, click Authorize Groups to save changes. If saving is successful, a message should appear. If the message does not appear, refer to the Monitoring/Debugging section.

Customize Jira Issue

  1. Click Customize Jira Issue.

  2. Edit the Customize Jira Issue Summary text field.

  3. Edit the Customize Jira Issue Description text field.

  4. When you have completed configuration for SAST (Applications) according to your preferences, click Save Customization.

  5. To restore the default values, click Restore default values.

You must click Save Customization after selecting Restore default values to keep the default values.