In this section:

Creating an Issue in a Third-Party System

You can connect a project in DTP to a project in one of the following requirements/issue tracking systems:

• Azure DevOps - see Integrating with Azure DevOps
• codeBeamer ALM - see Integrating with Codebeamer ALM
• Jama Connect - see Integrating with Jama Connect
• Jira - see Integrating with Jira
• Polarion ALM - see Integrating with Polarion ALM
• VersionOne - see Integrating with VersionOne

The integration enables you to create issues in the integrated ALM system from violations in the Prioritization panel.
 

1. Select a violation in the search results area and click the Prioritization tab.
2. Click Create and specify information about the worktime you are creating:

   Project	The name of the ALM project in which the new issue will be created appears in the Project field. The association between a DTP project and the external ALM project is defined by your DTP administrator. See the following sections for details: Integrating with Azure DevOps Integrating with Codebeamer ALM Integrating with Jama Connect Integrating with Jira  Integrating with Polarion ALM Integrating with VersionOne
   Type	Choose the type of item to create from the drop-down menu. Terminology varies across ALMs, but DTP supports the following types of work items by default: For Jira and codeBeamer ALM, choose Bug or Task. For VersionOne, choose Defect or Issue. For Polarion ALM, choose Issue or Task.
   Title/Summary	By default, the violation header is used as the value for the issue title (VersionOne) or summary (Jira, Jama Connect, Polarion ALM, codeBeamer ALM), but you can make any necessary changes.
   Description	Details about the violation, including File, Line, Message, Severity, and so on, are added to the issue description by default, but you can make any additional changes. The description will also include a link back to DTP based on the Display URL field setting in the External Application configuration page.

3. Click Create.  

An issue will be created in your external system that links back to the violation in DTP. Additionally, a link to the issue will appear in the Prioritization tab, create a bi-directional path between DTP and your external system.

Assigning Violations to Developers for Remediation

You can assign violations to other violation authors or members of the Project associated with the Filter.

1. Select violation(s) in the search results area; the file name appears in the code view panel.
2. Click the Prioritization tab and click the Assigned To field.
3. Enter an assignee's username. The form will auto-fill based on the users in the system.
4. Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.

About Assignees and Authors

When DTP receives a violation for the first time, the value of the Assignee field is copied from the Author field. The value of the Author field is determined from either the authorship settings configured in the tool's .properties configuration file or from the source control management (SCM) system. If authorship is not configured, then the Author is set to the user logged into the machine that executed the analysis. Refer to your tool documentation for additional information.

Authorship may be changed when another developer modifies the code containing the violation and the analysis is sent to DTP. The value of the Assignee field, however, remains consistent unless the violation is reassigned manually in the Violations Explorer view.

The Assignee can also be reset to null using the DTP REST API. Resetting the Assignee enables DTP to automatically set a new assignee it receives a new report containing the violation.

Resetting Violation Assignee with the REST API

Send a POST request to the /resetViolationMetadata endpoint to reset all prioritization metadata fields for a build to their default values. Authentication is required to use the API endpoint. The user must also have administrator privileges. The following cURL example shows how to call the endpoint:

 curl -X POST -u <USERNAME>:<PASSWORD> "<PROTOCOL>://<HOST>:<PORT>/grs/api/v1.5/admin/staticAnalysis/resetViolationMetadata?buildId=<BUILD_ID>"

The Assignee field for violations in the build will be set to null in the database. You will not be able to make changes in the Prioritization tab until a user has been assigned to a violation. Users will automatically be assigned the next time Data Collector loads a report for the violations.  

Adding Comments to Violations

1. Select violation(s) in the search results area.
2. Click the Prioritization tab and enter a value in the Comments field.
3. Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.

Suppressing Violations

Parasoft supports several workflows for suppressing violations. DTP or "server-side" suppressions are applied from the Prioritization tab of the Violations Explorer view. DTP suppressions are stored in DTP and do not affect the source code when violations are imported to a Parasoft tool user's IDE as findings.   

1. Select violation(s) in the search results area and click the Prioritization tab. 
2. Enable Suppress the selected violations in subsequent analysis runs and provide information about the suppression in the Reason text field. The suppression will be implemented in the next static analysis execution. You can release suppressed violations by disabling this option. Changes will be implemented during the next analysis run. 
3. Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.

DTP suppressions differ from in-file and in-code suppressions, which are applied by the tool user and stored locally. Refer to the tool documentation for details about applying in-file and in-code violations.

Violations that have been suppressed using the in-code or in-file method will be labeled in the Prioritization and Details tab. You can also add the Suppression Type column to the search results table. See Navigating Explorer Views for information on how to add and remove columns in explorer views.

Prioritizing Violations

1. Select violation(s) in the search results area; the file name appears in the code view panel.
2. Click the Prioritization tab and choose a priority from the menu.
3. Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.

Assigning Actions to Violations

An action is a string of metadata for defining how you choose to remediate a reported violation. DTP ships with a set of pre-defined actions: None, Fix, Reassign, Review, Suppress, and Other. You can edit or remove the predefined action types (except for the None type) using the /staticAnalysisViolations/metadata API endpoint. For details on configuring actions, go to Help > API Documentation in the Report Center navigation bar.

1. Select violation(s) in the search results area.
2. Click the Prioritization tab and choose a value from the Action menu.
3. Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.

The Actions field is also a significant part of the machine learning functionality. See Using the Machine Learning Recommendations for details. 

Assigning Violation Risk and Impact Levels

The Violations Explorer allows you to flag violations that pose a risk or have an impact on the policy goals associated with your application.

1. Select violation(s) in the search results area.
2. Click the Prioritization tab and choose a value from the Risk/Impact menu.
3. Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.

Assigning Due Dates to Violations

1. Select violation(s) in the search results area.
2. Click the Prioritization tab and click the calendar icon in the Due Date field to choose a date.
3. Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.

Assigning Reference Numbers to Violations

1. Select violation(s) in the search results area.
2. Click the Prioritization tab and enter a value in the Reference # field.
3. Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.

Applying Changes to Violations

When you update a violation, you can apply the change to a single instance of the violation or apply the changes to the violation in all source control branches in which it occurs. A confirmation message appears when your changes are applied: