Basic Configuration

Mapping Vulnerability Ratings to JIRA® Priorities

Vulnerability ratings will automatically use the WhiteHat Advanced Rating Methodology, which is based on OWASP ratings.

To configure the WhiteHat Sentinel Cloud Plugin for JIRA®, perform the following steps:

  1. Click the Basic Configuration tab.

  2. The default mapping will associate the most severe rating with the highest JIRA® priority. You can change this mapping using the drop-down lists.

    For more information on choosing Legacy Ratings or Advanced Ratings, see Understanding the Rating Methodology.
  3. Select the vulnerability ratings that should (checked) or should not (unchecked) be used to create JIRA® tickets.

    JIRA® tickets will now be created for vulnerabilities rated Critical, High, or Medium. Critical vulnerabilities will receive the Highest JIRA® priority, High-risk vulnerabilities will receive a JIRA® priority of High, and Medium-risk vulnerabilities will receive a JIRA® priority of Medium. JIRA® tickets will not be created for vulnerabilities with a rating of Low or Note. You can also limit which vulnerabilities result in JIRA® tickets based on the Sentinel tags associated with the vulnerability.

  4. When you have completed mapping vulnerability ratings to JIRA® priorities according to your preferences, click Save.

If you select any tags to be used to create JIRA® tickets, only vulnerabilities that have at least one of the listed tags in the WhiteHat Portal will be used to create JIRA® issues.

Tickets, Vulnerability Content & Scheduling Settings

Select the relevant radio buttons to configure default updates for your tickets.

  1. Select to reopen closed tickets whenever a vulnerability’s status is updated in the WhiteHat Portal.

  2. Select to close your existing tickets automatically if corresponding vulnerabilities are closed in the WhiteHat Portal.

  3. Optionally, click the check box to Add default comments for reopened and resolved tickets if the corresponding vulnerability is updated.

  4. Optionally, configure the Import SAST (applications) closed vulnerabilities. Select the relevant radio button to import closed SAST vulnerabilities.

  5. Optionally, configure the Import DAST (applications) closed vulnerabilities. Select the relevant radio button to import closed DAST vulnerabilities.

  6. Optionally, configure the Vulnerability Content. Select the relevant radio button to show responses from the TRC team, vulnerability retest status and attack vectors.

  7. Schedule your integration. The default value is Run Daily. Select from:

    • Run every hour,

    • Run Daily or

    • None.

      If you choose to run your integration daily, you must select the exact hour at which the integration should run every day.
  8. To Enable SAST (Applications) Integration select Yes.

  9. To Enable DAST (Sites) Integration select Yes.

  10. Click Save Configuration to keep your changes.