It's all about the answers!

Ask a question

RTC-AppScan Enterprise integration: how to write ASE severity in RTC Defect?


Luca Martinucci (1.0k284109) | asked Apr 01 '16, 3:31 a.m.
I am integrating RTC 5.0.2 and AppScan Enterprise 9.0.3.
I want to "propagate" the ASE Vulnerability severity to the RTC Defect.
The question is: is it possible to insert a dynamic value (say, a variable) in the Defect Properties mapping?
It seems that only static values are supported.
Is the severity value stored in an ASE internal variable, so that I can pass it to RTC?
When integrating AppScan Source and RTC this is actually possible: the severity value is stored in the {Finding.severity} variable.

Accepted answer


permanent link
Luca Martinucci (1.0k284109) | answered Apr 06 '16, 3:38 a.m.
edited Apr 06 '16, 3:40 a.m.
I found the answer.
The severity is automatically set by ASE, and cannot be configured.
Evey ASE vulnerability has its own severity, and ASE maps this severity to one the standard values of the severity enumeration in RTC.
If this value is not present in the Project Area (because the enumeration has been modified), the creation of the defect fails.
Ralph Schoon selected this answer as the correct answer

One other answer



permanent link
Ralph Schoon (61.1k33643) | answered Apr 01 '16, 3:41 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
edited Apr 01 '16, 3:56 a.m.
I am afraid that the question is not really consumable and I am unsure how this should work.

From an RTC perspective: In general you would have to add an attribute to the work item type and all work items of the type would have it. Your value would have to help decide if the value is "not set". You could use a second attribute or a specific value (like 0) for this purpose.

It is possible to use the different API's to create or update a work item in RTC.

I don't know what a variable {Finding.severity} would be in RTC.


Comments
Luca Martinucci commented Apr 01 '16, 3:58 a.m.

 Actually, this is an ASE-related question, not a RTC-related one.

RTC is the passive side of the integration: I have a vulnerability in ASE and I want to create a defect in RTC containing the same pieces of information.
The only problem is that I can only pass static values to RTC, but different vulnerabilities have different severities.
When I integrate AppScan Source with RTC, I can configure ASS to pass to RTC the value of an ASS internal variable that contains the actual severity of the vulnerability.
It is ASS that interprets the variable and passes its value to RTC.
I wonder if any RTC user has already dealt with this issue.


Geoffrey Clemm commented Apr 04 '16, 5:23 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

It still is unclear what your question/issue is.   Note that if it is an ASE-related question, you would need to post on an ASE forum, rather than an RTC forum.   If you have an RTC question, one suggestion is to provide an example with actual values.

Your answer


Register or to post your answer.