I'm trying to suppress some core Fortify rules as they're false positives for our organization. However, I can't seem to find a way to know their Rule ID's, which are required for the SuppressionRule tag. I checked in the Details tab of Audit Workbench but only the Instance ID is indicated there, which apparently is not the Rule ID.
If it's not really possible, how can I achieve the same feat using FilterSet instead?
Ultimately found it in the Analysis Evidence tab!
The Fortify rule IDs appear in the Fortify Software Security Center at the very bottom of the details tab in the issue list.
As noted by NDAclan these IDs appear in the Analysis Information tab in the Audit Workbench.
Related
We have the full Atlassian product range and I am looking at how to make best use of it
We are using Stash to manage our Git 1000+ repositories all of which contain tags pointing to their versions.
I need to be able to define how our software versions depend on each other
For example:
System_x.y.z in production consists of
group_of_components_a_x.y.x consists of
component_a_x.y.z
component_b_x.y.z
...
System_x.y.z is release candidate_a consists of
....
System_x.y.z is in regression test
...
System_x.y.z is in performance test
...
System_x.y.z development is being tracked by Issue#
...
etc etc
I have been using ClearQuest to achieve this but would like to move to a pure Atlassian solution if it exists
I would also like to define a name for group_of_components so that I can attach owners to it as well as to components so we can use them elsewhere in the workflow.
can notify them when versions change.
In Issues so I can see when different teams are working in the same areas
I would also like to be able to use the System_x.y.z, group_of_components_x.y.z and component_a_x.y.z
In Defects so I can see where the error was found (System_x.y.z, group_of_components_x.y.z)
In Defects so I can see where the error was fixed (component_a_x.y.z)
Is any of this possible?
Is any of this possible?
The short answer is yes. It's all possible.
Jira has the following hierarchy:
Project
../ Epic
../../ Task
../../../ Sub-task
If you need to track version numbers as part of a product roadmap you need to use Projects for that feature. There are probably other hacky ways to use labels or components to do something like this but you will spend endless hours extending these hacks throughout Jira. Not a fun exercise IMO.
I need to be able to define how our software versions depend on each other
Dependencies can easily be added at the Epic/Task/Sub-task levels but I'm not aware of an easy way to do this at the version level. I'm only really aware of the Agile Cloud solutions. If you install this locally I'm fairly sure you could find a way to do this if it is truly needed.
I would also like to define a name for group_of_components so that I can attach owners to it as well as to components so we can use them elsewhere in the workflow.
It's very easy to name all issue types and projects. Projects have an owner. All issue types can be assigned to any user (with access rights). Additionally you can add users to the "watch-list" of every issue.
can notify them when versions change.
The watch-list will notify all watchers by email. Additionally you can set up workflows to reassign or marshal each record through a custom workflow.
In Issues so I can see when different teams are working in the same areas
You can add users to teams in any combination (users can be on multiple teams) but I'm not sure I fully understand what "areas" means. You can search, filter and report on all issues by team(s) if that's what you mean.
I would also like to be able to use the System_x.y.z, group_of_components_x.y.z and component_a_x.y.z
In Defects so I can see where the error was found (System_x.y.z, group_of_components_x.y.z)
In Defects so I can see where the error was fixed (component_a_x.y.z)
Each bug you define:
can be organized into an Epic
can be associated to any number of tasks (Blocks task 1 or is blocked by task 2, etc.)
has one or many "affects versions" to track where the bug occurred
has one or many "fix versions" to track when the bug was fixed
My company needs an Issue Tracking System. There are a lot of tools available on the internet and I have tried some (JIRA, Asana, Bugzilla to name a few). Most of them are great in the job they do. But we have a specific requirement that none seem to cater to. We need to implement a hierarchy in which certain users would have access to only certain parts of the system. Could you please suggest me a tool that could do what we want. May be the tools I tried do enable us to implement this hierarchical structure and couldn't figure out how to do it. In that case could you guide me as to how this could be done using the tools I have tried. It would be highly preferable not to develop the system ourselves owing to the time that would be consumed.
Thank you!
The hierarchy would be as follows:
P.S. - We are not an IT-based company. Hence, 'Site' does not refer to 'website'. Site is a geographic area which comprises of smaller units called locations where facilities are located. These facilities have certain resources that at times break down, a situation which needs to be efficiently tracked and be dealt with. Employees on-site would report issues which would be assigned to maintenance teams who would take care of the issue. The progress of the process of resolving the issue should also be tracked.
I believe you could accomplish your goal using Bugzilla. Although Bugzilla doesn't have hierarchical security groups per se, you could create groups with obviously hierarchical names, one for each node in your graph, e.g. site1, site1-location1, site1-location2, site1-location1-resource1, etc. You could then assign each employee every group in the chain from the lowest to highest, e.g. (following your graph again), a user might have the groups site2, site2-location1, site2-location1-resource3. Then you can assign each bug a group according to how many people should be able to access it; e.g. site2 if's a site-wide issue, or site2-location1 if it's a location-wide issue, and so on.
It's a bit tedious but you could write some scripts to automatically give those security groups to each employee based on their most specific permission level.
In JIRA a resolved issue can have different resolutions: e.g. Won't Fix, Cannot Reproduce, Fixed etc. I had been using JIRA without Greenhopper and using these resolutions was part of the workflow.
Now I'm using JIRA+Greenhopper with Kanban boards and I'm trying to extend the workflow to have few steps associated with the Resolved step:
In QA which is Status:Resolved,Resolution:Done;
Won't Fix which is Status:Resolved,Resolution:Done;
Backlog which is Status:Resolved,Resolution:Backlog;
etc;
When trying to edit the workflow I learned that it is not possible to have two steps that correspond to one status (Resolved). Is this the case?
At the moment it actually is not possible to set the issue to any resolution different than Done as
the 'Resolve' button is not available on the issue screens (I already asked here about the missing button).
I have tried to set up a new transition which would move the issue into Status:Resolved, Resolution:Won't Fix but I'm hitting the problem that for active workflows if there are no outgoing transitions already defined you cannot create new ones.
Questions:
Is it possible possible to map two workflow steps to one status? Am I missing something and the Won't Fix, Cannot reproduce resolutions don't fit into the Greenhopper way of thinking?
I recommend creating a JIRA workflow from scratch and provide detailed steps in Practical JIRA Administration (O'Reilly). I also recommend having a 1:1 mapping of JIRA step name to status name, and JIRA doesn't do 2:1 mapping. I think you probably want to create new statuses for your workflow, e.g. In QA.
The system resolution field is designed as a kind of sub-status for one, maybe two, statuses. People usually use it just with Closed.
I'm looking for a work-item-tracking/bug-tracking system (or JIRA plugin, or TFS plugin, or...) which makes it easy to stack-rank work items without having to manually assign priority values to each work item.
Instead, our team wants to be able to see a list of open work items and be able to drag-n-drop one or a multiple selection of work items until the order matches the team's prioritization. This would be much easier than arguing about priority numbers and dealing with ties (e.g. "which of the 5 bugs marked priority=2 should I work on today?").
Our team is considering switching work-item-trackers (we use Gemini now) and availability of a good drag-n-drop prioritizer is high on our requirements list.
I realize drag-n-drop ranking is non-trivial because no team will stack rank all work items. Instead, we'll want to take a subset (e.g. work items for one sprint sprint or iteration, or bugs assigned to one developer) and stackrank those, then later look at a different subset and stackrank those, etc. And I'm sure we'll sometimes need to mix and match different stacks, so there'd need to be heuristics (ideally configurable) about how to show a stack of items previously stacked separately.
Pivotal Tracker is close to the drag-n-drop UI I'm thinking of from a UI perspective, but Pivotal's model of separating user stories from the underlying work items (plus a few other issues) doesn't match how we want to work. We don't want to have to deal with different artifacts (stories vs. JIRA/BugZilla work items)-- instead we just want a drag-n-drop UI to automatically fill out a "priority" field in the issue tracker, and which we can use later when sorting and filtering. And we wouldn't want to use Pivotal as our only work item tracker, because it seems to lack common features like bulk editing which are critical for large projects.
Anyone know of a tool like what I describe above?
Urban turtle is the best TFS add-on, making ranking/prioritizing a sane activity. Priority by number is a disaster so don't think you're alone there.
http://urbanturtle.com/
Urban Turtle is updated every month and used by quite a few teams including a number of my teams.
Eylean Board has what you are looking for. They offer a task board where the tasks are prioritized by moving them around, the priority tasks being on top. Interface is nice and clean and they offer other features such as integration with TFS, reports, etc.
The greenhopper plugin for JIRA has this feature. It's worked well for me ...though I'm not a big fan of JIRA in general.
http://www.atlassian.com/software/greenhopper/tour/backlog-management.jsp
Previous to this, I just used excel.
One of the best (and fastest) web UI's I've seen is on AgileZen, which supports something similar to this. Last I knew it did not have built-in integration with TFS, but it does have a REST API. It's basically a web-based, shareable Kanban board.
This is in Team Explorer 2010
Question:
Using WIQL, is it possible to get the list of file differences due to checkins
for a given date range
for a given folder
WIQL is about work items alone - so it isn't possible to retrieve this kind of information through this path.
Using the TFS data warehouse should provide with a viable alternative. A very nice introductory presentation can be found here.
You should probably make a focus on the filters "Version Control Changeset" in combination with "Date" filter for your (1) & "Version Control File" for your (2).