Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
Highlighted
Contributor.. robert.beeson@b1 Contributor..
Contributor..
1890 views

JIRA to SSC plugin

Does a JIRA plugin exist that will allow me to push findings into SSC where it can be added to reporting/tracking or do we have to recreate the wheel and write one from scratch using the API?

 

We know it is possible to have a bi-directional connection with an external tool. Burp Suite has their plugin that allows to push bugs to SSC or have bugs pushed from SSC. If someone knows of a comparable plugin for JIRA, i would appreciate it.

Tags (3)
0 Likes
5 Replies
Micro Focus Expert
Micro Focus Expert

Re: JIRA to SSC plugin

There is a built-in plugin for JIRA in SSC, but it seems to be one-way, publishing SSC Issues into JIRA.  you must first enable it in the SSC Configuration screens, then you can select the specific Bug Tracker for each Application container in SSC.  The plugin files are located within the unZipped files from your SSC WAR Zip file, where you located the original ssc.war file and SQL scripts.

There is also a secondary tool on our MArketplace which permits expanded connections with Bug Trackers, both built-in ones and others.  See the link below.

 

 

 


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
Contributor.. robert.beeson@b1 Contributor..
Contributor..

Re: JIRA to SSC plugin

Hans,

 

thanks for answering. I am able to push findings from SSC into JIRA but that isn't what I want.

Since SSC lacks the capacity to manually create findings, which we have a need for due to things like CMS vulnerabilities and/or 3rd party software notices, I will be creating them within JIRA.

From there, I was looking for a plugin (Parser might be a better word to use) that would import the JIRA finding into SSC. Reason being, I could still create a singular vuln report for dev teams or to store as a audit artifact. more reasons: centralized database for custom BIRT reporting, doing work within one analyst console before sending bugs off to HP ALM (QC), etc. etc. you get the picture.

There is so much reporting and customization in my SSC that it doesnt migrate to bug trackers readily and it means that i have to manually sync findings across differing systems.

 

 

 

0 Likes
Raphael Hagi Super Contributor.
Super Contributor.

Re: JIRA to SSC plugin

Robert,

Did you check this tool available in Github: http://github.com/fod-dev/FoDBugTrackerUtility

I used it to sync vulnerabities in two way, send it from SSC to JIRA, and them from JIRA to SSC, also, closing tickets opened to respond vulnerabilities found. I'm not sure about it is you need, but, let us know!!!


Data, or do not.
0 Likes
Contributor.. robert.beeson@b1 Contributor..
Contributor..

Re: JIRA to SSC plugin

Raphael,
thanks for the response but I cannot use the bugtracker utility you gave me because, 1) i'm on-premise not FoD and 2) i'm on 18.20 and any attempts to load plugs have to be Jar files and those JAR files have to be below 20MB, meaning the old tracker utility won't work either. thanks again tho!
0 Likes
Raphael Hagi Super Contributor.
Super Contributor.

Re: JIRA to SSC plugin

Robert,

I use this plugin in on-prem environment, no problem. I don't know why MF call it with this name.

This 20MB limit can be change in some place, maybe in Tomcat. 


Data, or do not.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.