Creating Issue schemas
With the help of schemas you can customize issue fields.
Note: the Reports will be generated according to the issue schema that is set as default in the project;
To create Issue schema:
- Go to Project > Issues > Schemas;
Click
+Schema;
Select schema template to copy it (optional) — use this option to copy schema fields from other schemas;
- Enter Issue title display (optional) — by default Title is displayed. You can enter any value for this field;
- Status field is a default field for all issues, you can change displayed name for this field;
- In the column Add content click
+to add fields to the schema:
- When you add all needed fields, click
Previewto view the schema; - Click
Createto save new schema; - Click
Create issueto create issue right after you save your issue schema.
Issue schema fields
Templates — predefined issue fields that are used for issue templates. Fields from this section can be added to the schema only once. You cannot edit IDs of these fields, however you can edit technical names:
Score — total risk of the vulnerability calculated upon
ProbabilityandCriticalityof the Issue:- Criticality — the risk level of the vulnerability (
Low,Medium,High); - Probability — the possibility of exploiting a vulnerability (
Low,Medium,High);
- Criticality — the risk level of the vulnerability (
Affected assets — IP addresses or Hostnames of the systems with Issues;
- HTTP request — example of site requests and responses (the field is collapsible by default);
- Weakness type — type of the vulnerability (f.e.
CWE-79);
Custom fields — fields from this section can be added to the schema an unlimited number of times. You can edit IDs and technical names of all fields:
- String — field for text values;
- Integer — field for positive or negative integer numbers (f.e.
1, 2, 3, ... n); - Float — field for positive or negative integer numbers with a decimal point (f.e.
0.1, 0.2, 0.3, ... n); Markdown — text in Markdown format. To the Markdown fields you can attach images in the formats
.jpg,.png,.jpeg,.gifand file size is up to 100 MB (contact system administrator to change this parameter). To apply autofill of the markdown fields from the Issue templates, you must specify the following IDs for these fields in your Schema:generalDescription— corresponds to the field General descriptionrecommendations— corresponds to the field RecommendationsriskDescription— corresponds to the field Risk descriptionstepsToReproduce— corresponds to the field Steps to ReproducetechnicalDescription— corresponds to the field Technical description
Checkbox — single checkbox selector;
- Checkboxes — multiple checkbox selector;
Select — field for selecting one or several options:
multiple choice— select several options at once;single choice— select only one option;add placeholder— add hint to the empty option field (when registering an issue, grey text of the hint will be displayed in select fields)
Radio buttons — radio button selector;
- Date — field for indicating date;
- Date & time — field for indicating date and time.
During the creation of issue schema, you can configure parameters of all fields:
- Change order of the fields — select the field with the mouse, drag and drop it to another position;
- Make required — to make field mandatory, click
*next to the selected field; - Collapse empty fields - click
next to the selected field.
Import and export issue schemas
To import Issue schema:
- Go to Project > Issues > Schemas;
- Click
> Import;
- Click
Browseto upload issue schema or drop it to the field in a.jsonformat;
- Click
Import. New issue schema appears in the list.
To export Issue schema:
- Go to Project > Issues > Schemas;
- Click >
Export; - Select one or several issue schemas and click
Export:
- The issue schema will be downloaded as file in a
.jsonformat.
Note: if you export several issue schemas, they will be saved to one
.jsonfile.
Default Issue schema
Default issue schema contains the following fields:
- Title — name of the detected Issue;
- Status — issue status,
Score — total risk of the vulnerability calculated upon
ProbabilityandCriticalityof the Issue:- Criticality — the risk level of the vulnerability (
Low,Medium,High); - Probability — the possibility of exploiting a vulnerability (
Low,Medium,High);
- Criticality — the risk level of the vulnerability (
Affected Assets — IP address or Hostname of the system with Issue (optional);
- General description — common description of the Issue;
- Risks — description of the vulnerability risk;
- Technical description — technical description of the issue;
- HTTP request — example of the site requests and responses;
- Recommendations — recommendations for issue remediation;
- Steps to reproduce — actions to reproduce the Issue.
Technical description of predefined schema fields
| Technical name | Type | Displayed name | Comment |
|---|---|---|---|
| uuid | UUID | uuid | Unique schema ID |
| postTime | DATETIME | Created | Date of the schema creation |
| editTime | DATETIME | Edited | Date of the last schema modification |
| ips | IP | IP addresses | Field for IP addresses |
| hostnames | HOSTNAME | Hostnames | Field for Hostnames |
| requests | REQUEST | HTTP requests | Fields for HTTP Requests |
| criticalityScore | INTEGER | Criticality | Issue criticality (1 - low, 2 - medium, 3 - high) |
| probabilityScore | INTEGER | Probability | Issue probability (1 - low, 2 - medium, 3 - high) |
| totalScore | INTEGER | Total risk | Total risk of the Issue (1 - low, 2 - medium, 3 - high) |
| weaknessType | TEXT | Weakness type | String for Weakness type |
| generalDescription | TEXT_MD | Description | Field for Issue description (Markdown) |
| risksDescription | TEXT_MD | Risks | Field for Risk description (Markdown) |
| technicalDescription | TEXT_MD | Technical description | Field for Technical description (Markdown) |
| recommendations | TEXT_MD | Recommendations | Field for Recommendations (Markdown) |
| reproduceDescription | TEXT_MD | Steps to reproduce | Field for Steps to reproduce (Markdown) |
See also
