Ticketing Scheme 8:CS-Image-Sub-ticket Scheme

A scanned image ticket is created for every unique image repository and image registry combination, based on the Create or Update JiraTicketAction value, the Jira client decides to create the parent ticket for the scanned image as a Vulnerable Image in the configured project. 

Similarly, for vulnerabilities associated with the scanned image, a sub-ticket is created and added to the parent Vulnerable Image Ticket as type Subticket Image Vulnerability for every unique combination of QID and port.

Again, based on the JiraTicketAction configured on the Jira client, the client either creates new tickets or updates the already created tickets for every new vulnerability found or fixed. Sub-tickets with the JiraTicketAction value as Create are always kept in an open state.

Vulnerable Image Ticket:

Custom Fields for Ticketing Scheme 8: CS-Image-Sub-ticket Scheme

The table below lists the custom fields you can add for ticketing scheme 8. Refer to Creating Custom Fields to add custom fields to your ticketing scheme.

Issue Type

Field Name

Field Type

Searchable

Configuration

Vulnerable Image

 

 

 

 

 

 

 

 

 

 

 

Associated Hosts

Text Field multi line

Yes

Wiki Style Renderer
DockerHub Official Text Field single line

Yes

NA
Image Created On Text Field single line

Yes

NA
Image Id:

Number

Yes

NA
Image SHA: Text Field single line

Yes

NA
Image Tags

Labels

Yes

NA
Primary Key Text Field (read-only)

Yes

NA
Image Updated On

Text Field (single line)   

Yes

NA
Last Scanned Text Field (single line)

Yes

NA
OS Name Text Field (single line)

Yes

NA
Registry Name Text Field (single line)

Yes

NA
Repository Name Text Field (single line)

Yes

NA
Scan Types Text Field (single line)

Yes

NA 

Total Vulns

Number    

Yes

NA
Subticket Image Vulnerability Authentication Text Field (single line) Yes NA
Category Text Field (single line) Yes NA
Consequence Text Field (multi line) Yes NA
Diagnosis Text Field (mutli line)

Yes

NA

Discovery Method   

Text Field (single line)

Yes

NA
Patch Available Text Field (single line)

Yes

NA
Port

Number

Yes

NA
Primary Key Text Field (single line)

Yes

NA
Published Date Text Field (single line)

Yes

NA

QID

Number

Yes

NA
Qualys Detection Status Text Field (single line)

Yes

NA
Qualys Reported Access Vector Text Field (single line)

Yes

NA
Qualys Reported CVEs Text Field (single line)

Yes

NA
Qualys Reported CVSSv2 Base Number Yes NA
Qualys Reported CVSSv2 Temporal Number Yes NA
Qualys Reported CVSSv3.1 Base Number Yes NA
Qualys Reported CVSSv3.1 Temporal Number Yes NA
Qualys Severity Number Yes NA
Scan Type Text Field (single line) Yes NA
Solution Text Field (multi line) Yes NA
Supported Apps Text Field (single line) Yes NA
Vuln Type Text Field (single line) Yes NA
Vulnerable Software Text Field (multi line) Yes Wiki Style Renderer
Impact Text Field (multi line) Yes NA