A scanned image ticket is created for every unique combination of image repository and image registry. Based on the JiraTicketAction value (Create or Update), the Jira client decides to create the parent ticket for the scanned image as a Vulnerable Image ticket in the configured project.
Similarly, for vulnerabilities associated with the scanned image, a sub-ticket is created and added to the parent Vulnerable Image Ticket as type Subticket Image Vulnerability for every unique combination of QID and port.
Again, based on the JiraTicketAction configured on the Jira client, the client either creates new tickets or updates the already created tickets for every new vulnerability found or fixed. Sub-tickets with the JiraTicketAction value as Create are always kept in an open state.
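The grouping rules above determine how many tickets a scan produces. The following sketch is an added example, not code from the connector: it groups constructed findings into parent tickets per registry and repository and sub-tickets per QID and port, then separates keys that are new from keys already ticketed. The dict keys, the `existing` bookkeeping, and scoping sub-ticket uniqueness to the parent are assumptions.

```python
# Constructed sample findings; the dict keys are illustrative, not the connector's schema.
FINDINGS = [
    {"registry": "registry.example.com", "repository": "shop/api", "tag": "1.4", "qid": 900001, "port": 0},
    {"registry": "registry.example.com", "repository": "shop/api", "tag": "1.5", "qid": 900001, "port": 0},
    {"registry": "registry.example.com", "repository": "shop/api", "tag": "1.5", "qid": 900002, "port": 443},
    {"registry": "mirror.example.net", "repository": "shop/api", "tag": "1.5", "qid": 900001, "port": 0},
]

def group_findings(findings):
    """Map (registry, repository) -> {"tags": set, "subs": set of (qid, port)}."""
    parents = {}
    for f in findings:
        parent = parents.setdefault((f["registry"], f["repository"]),
                                    {"tags": set(), "subs": set()})
        parent["tags"].add(f["tag"])  # tags label the parent, they do not split it
        parent["subs"].add((int(f["qid"]), int(f["port"])))  # one sub-ticket per QID + port
    return parents

def plan_sync(parents, existing):
    """Compare grouped findings with the keys that already have tickets.

    `existing` maps a parent key to the set of (qid, port) keys ticketed on an
    earlier run (hypothetical bookkeeping, e.g. rebuilt from a Jira search).
    """
    plan = {"new_parents": [], "new_subs": [], "known_subs": []}
    for key in sorted(parents):
        if key not in existing:
            plan["new_parents"].append(key)
        for sub in sorted(parents[key]["subs"]):
            bucket = "known_subs" if sub in existing.get(key, set()) else "new_subs"
            plan[bucket].append((key, sub))
    return plan

if __name__ == "__main__":
    grouped = group_findings(FINDINGS)
    already = {("registry.example.com", "shop/api"): {(900001, 0)}}
    for name, items in plan_sync(grouped, already).items():
        print(name, items)
```

Two tags of the same repository land on one parent ticket, while the same repository served from a second registry gets its own parent and its own sub-tickets.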
Vulnerable Image Ticket:
The table below lists the custom fields you can add for ticketing scheme 8. Refer to Creating Custom Fields to add custom fields to your ticketing scheme.
Issue Type | Field Name | Field Type | Searchable | Configuration |
---|---|---|---|---|
Vulnerable Image | Associated Hosts | Text Field (multi line) | Yes | Wiki Style Renderer |
 | DockerHub Official | Text Field (single line) | Yes | NA |
 | Image Created On | Text Field (single line) | Yes | NA |
 | Image Id: | Number | Yes | NA |
 | Image SHA: | Text Field (single line) | Yes | NA |
 | Image Tags | Labels | Yes | NA |
 | Primary Key | Text Field (read-only) | Yes | NA |
 | Image Updated On | Text Field (single line) | Yes | NA |
 | Last Scanned | Text Field (single line) | Yes | NA |
 | OS Name | Text Field (single line) | Yes | NA |
 | Registry Name | Text Field (single line) | Yes | NA |
 | Repository Name | Text Field (single line) | Yes | NA |
 | Scan Types | Text Field (single line) | Yes | NA |
 | Total Vulns | Number | Yes | NA |
Subticket Image Vulnerability | Authentication | Text Field (single line) | Yes | NA |
 | Category | Text Field (single line) | Yes | NA |
 | Consequence | Text Field (multi line) | Yes | NA |
 | Diagnosis | Text Field (multi line) | Yes | NA |
 | Discovery Method | Text Field (single line) | Yes | NA |
 | Patch Available | Text Field (single line) | Yes | NA |
 | Port | Number | Yes | NA |
 | Primary Key | Text Field (single line) | Yes | NA |
 | Published Date | Text Field (single line) | Yes | NA |
 | QID | Number | Yes | NA |
 | Qualys Detection Status | Text Field (single line) | Yes | NA |
 | Qualys Reported Access Vector | Text Field (single line) | Yes | NA |
 | Qualys Reported CVEs | Text Field (single line) | Yes | NA |
 | Qualys Reported CVSSv2 Base | Number | Yes | NA |
 | Qualys Reported CVSSv2 Temporal | Number | Yes | NA |
 | Qualys Reported CVSSv3.1 Base | Number | Yes | NA |
 | Qualys Reported CVSSv3.1 Temporal | Number | Yes | NA |
 | Qualys Severity | Number | Yes | NA |
 | Scan Type | Text Field (single line) | Yes | NA |
 | Solution | Text Field (multi line) | Yes | NA |
 | Supported Apps | Text Field (single line) | Yes | NA |
 | Vuln Type | Text Field (single line) | Yes | NA |
 | Vulnerable Software | Text Field (multi line) | Yes | Wiki Style Renderer |
 | Impact | Text Field (multi line) | Yes | NA |