When you connect a task tracker, Vanta will automatically fetch any tasks that have the tag or label “security” or “Security.” When we fetch these tasks, you will see them show up in security issues Vanta tests under “Items to Remediate” or “Remediation History”:
Vanta collects the following information from task tracker tickets to satisfy the related Vanta tests:
- Title
- Assignee
- Status
- Priority
- Tags/labels
Priority Mapping
Vanta will look to tasks assigned Priority and any applied Tags/Labels to satisfy the related 'P0/1/2/3' Vanta tests. In a situation where a priority tag/label has not been applied to a Task, the Priority level, as defined by the task tracker, is used as the source of truth.
Tracking Task Completion
Vanta will track the completion of tasks. How we determine if a ticket has been closed may vary depending on the task tracker:
- Asana - We check whether the “Completed At” field has been set
- Azure DevOps - We check whether “Microsoft.VSTS.Common.ClosedDate” has been set for the work item
- ClickUp - We check whether the task’s status type is “done” or “closed”
- Github - We check whether “Closed At” has been set for the issue
- Gitlab - We check whether “Closed At” has been set for the issue
- JIRA - We look at the field “Resolution Date” or the field “status” and if the “status category” is marked “Done.”
- Linear - We check whether any of “Completed At”, “Canceled At”, or “Archived At” has been set
- Monday - We check whether the Status column for a value of “Done”
- Pivotal Tracker - We check whether the “Current State” is “accepted”
- Shortcut - We check whether “Completed At” or “Archived” has been set
- Trello - We check whether task has been marked “closed” or “dueComplete” or is contained in a list that has been closed or named “Done”
- Merge Integrations - We check whether Merge has interpreted the ticket as closed
- Freshdesk - Determined via “Status” field reported by /v2/tickets in their API
- Front - Determined via “Status” field reported by /inboxes/{project_id}/conversations in their API
- Help Scout - Determined via “Status” field reported by /conversations in their API
- Kustomer - Determined via “Status” attribute reported by /conversations in their API
- Re:amaze - Determined via “Status” field reported by /v1/conversations in their API
- Teamwork - Determined via “Status” field reported by /tasks in their API
- Zoho Bug Tracker - Determined via “Status.type” field reported by /restapi/portal/${portal_id}/projects/${project_id}/bugs
- Zoho Desk - Determined via “statusType” field reported by /tickets in their API
Customizing Security Tags
If you are using the “security” tag for other uses or use other tags to track security tasks, you can customize the label in Vanta:
- Navigate to your connected task tracker on the Integrations page and click on Manage
- In the sub-menu, select Task tracking labels
- In the modal that pops up, enter all the labels that you would like Vanta to use to track audit-related security issues
- After entering the labels you would like Vanta to track, hit Save
- Once complete, Vanta will pull in tasks with the configured security label.
We currently do not support required fields beyond the default. You can find more information here: https://help.vanta.com/hc/en-us/articles/4417646294292-Jira-Integration-Error-Message-Unsupported-Required-Fields-