Creating issues from an app as defects or work items in Rational Team Concert

Create a defect in Rational Team Concert (v5.0.2, 6.0, 6.0.1, 6.0.4, and 6.0.6) for security issues discovered in an app. If you want users to submit issues as defects from an application in the Monitor view, do not configure Rational Team Concert in the Administration view.

About this task

Note:
  1. This integration with Rational Team Concert supports form-based login.
  2. This task uses a REST API call (GET /issues/details_v2) to build the content of the attachment.
  3. If you submit defects from the Scans view, the data is not synced with the Monitor view. Issues that are created from the Scans view don't create an external ID on the Monitor view. Issues that are created as defects from the Monitor view don't create a defect icon and link on the report in the Scans view.
  4. You must have the following permissions in Rational Team Concert to successfully create a defect:
    • Create Work Item
    • Modify Work Item
    • Save Attachment
  5. The Description field lists all of the issue attributes that have values, including the IssueXML issue attribute that is created when issues are imported from XML.

Procedure

  1. In an application in the Monitor view, select the issues that you want to submit as defects.
  2. Click List menu > Create Defect.
  3. On the Create Defect page, select Rational Team Concert, complete the URL, Username, and Password fields, and click Connect to test the connection to Rational Team Concert.
    Note:
    • You can enable the check box to Ignore SSL Certificate/Hostname verification; however, this is not a recommended practice.
    • After a successful connection, the defect tracking system URL, user name and SSL check box selection are stored as your user preferences, and the last selected defect tracking system is remembered for your next session.
  4. The fields that display on the Create Defect page reflect the content that Rational Team Concert expects to receive from AppScan® Enterprise. Enable the Show optional fields check box to edit the additional fields.
    Note:
    • These are the supported fields in Rational Team Concert that AppScan Enterprise supports:
      • Severity(Enumeration List)
      • Severity
      • Priority (Enumeration List)
      • Priority Type
      • Duration
      • Tag
      • Medium HTML
      • Small String
      • Timestamp
      • Iteration
      • Contributor
      • Integer
      • Deliverable
      • Category
      • Large HTML
      • UUID
      • Project Area
      • Decimal
      • Enumeration
      • Enumeration List
      Note: The Work Item Type and Project Area values are displayed as the dropdown lists and aren't shown in the editable fields.
    • Refer to the Knowledge Center for Rational Team Concert to see the correct syntax that Rational Team Concert accepts in each field.
  5. Click Create. Defects that are created successfully are listed on the page and include a link to the defect record in Rational Team Concert. Click Close.
    Note: An External ID is created when you submit defects to Rational Team Concert. The External ID column indicates the defect tracking number in Rational Team Concert. Go to List menu > Column Selection > External ID. Move the column next to the Issue or Status columns in the grid so that you can quickly see which issues were already submitted. Click the column header and then use the keyboard's Ctrl+ (Left or Right arrow) to move the column to its new destination.
  6. In AppScan Enterprise, go to List menu > Refresh or click the Refresh icon in the sidebar to update the issue list to display the External IDs.

Results

  1. If a single defect was successfully created in Rational Team Concert, you see a message at the top of the Monitor view (otherwise, creation successes and failures are displayed in the Create Defect dialog). Click the defect link to go to Rational Team Concert for more details. This process attaches a .zip file to the defect record in Rational Team Concert that contains information about the issue.
    • <issue_number>.htm (issue overview)
    • <issue_number>_details.htm (not available for third-party import issues). This file can include advisories and fix recommendations, and shows the first variant only.
    In the Rational Team Concert record, you can also link back to the issue in AppScan Enterprise from the Related Artifcats link.
  2. You also see an External ID attribute in the About this Issue dialog for the particular issue.