RTC-AppScan Enterprise integration: how to write ASE severity in RTC Defect?
I am integrating RTC 5.0.2 and AppScan Enterprise 9.0.3.
I want to "propagate" the ASE Vulnerability severity to the RTC Defect.
The question is: is it possible to insert a dynamic value (say, a variable) in the Defect Properties mapping?
It seems that only static values are supported.
Is the severity value stored in an ASE internal variable, so that I can pass it to RTC?
When integrating AppScan Source and RTC this is actually possible: the severity value is stored in the {Finding.severity} variable.
Accepted answer
I found the answer.
The severity is automatically set by ASE, and cannot be configured.
Evey ASE vulnerability has its own severity, and ASE maps this severity to one the standard values of the severity enumeration in RTC.
If this value is not present in the Project Area (because the enumeration has been modified), the creation of the defect fails.
The severity is automatically set by ASE, and cannot be configured.
Evey ASE vulnerability has its own severity, and ASE maps this severity to one the standard values of the severity enumeration in RTC.
If this value is not present in the Project Area (because the enumeration has been modified), the creation of the defect fails.
One other answer
I am afraid that the question is not really consumable and I am unsure how this should work.
From an RTC perspective: In general you would have to add an attribute to the work item type and all work items of the type would have it. Your value would have to help decide if the value is "not set". You could use a second attribute or a specific value (like 0) for this purpose.
It is possible to use the different API's to create or update a work item in RTC.
I don't know what a variable {Finding.severity} would be in RTC.
From an RTC perspective: In general you would have to add an attribute to the work item type and all work items of the type would have it. Your value would have to help decide if the value is "not set". You could use a second attribute or a specific value (like 0) for this purpose.
It is possible to use the different API's to create or update a work item in RTC.
I don't know what a variable {Finding.severity} would be in RTC.
Comments
Actually, this is an ASE-related question, not a RTC-related one.
RTC is the passive side of the integration: I have a vulnerability in ASE and I want to create a defect in RTC containing the same pieces of information.
The only problem is that I can only pass static values to RTC, but different vulnerabilities have different severities.
When I integrate AppScan Source with RTC, I can configure ASS to pass to RTC the value of an ASS internal variable that contains the actual severity of the vulnerability.
It is ASS that interprets the variable and passes its value to RTC.
I wonder if any RTC user has already dealt with this issue.
It still is unclear what your question/issue is. Note that if it is an ASE-related question, you would need to post on an ASE forum, rather than an RTC forum. If you have an RTC question, one suggestion is to provide an example with actual values.