# Checkmarx PlexTrac supports importing XML files from **Checkmarx**. Checkmarx provides software security solutions for detecting and preventing security application vulnerabilities. The primary focus is static application security testing (SAST), which involves analyzing an application's source code to identify security vulnerabilities and coding errors before deployment. Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.

## Finding Field Mappings

PlexTrac Field	Checkmarx Path	Notes
title	<Query Name=(attribute value for title)>	If the `name` attribute within the `query` element contains an underscore, PlexTrac replaces the underscore with a space
severity	<Query Severity=(attribute value for severity)>
references	<Query cweId=(attribute value for references)>
recommendations	<Result DeepLink=(attribute value for recommendations)>	PlexTrac joins all items in the DeepLink element in the Result element
description	Hard Coded w/ "This was identified via Checkmarx scanner, please view affected assets for more details."
tags	<Query categories=(attribute value for tags)> and <Query group=(attribute value for tags)>	To convert categories into a list using ";" as a delimiter, and to append the group attribute to categories to create comprehensive tags, follow these steps: Separate each category with a semicolon (;). If a category has an associated group attribute, append this attribute to the category. Ensure all tags are accurately represented.
source	Hard Coded "Checkmarx"

## Asset Field Mappings | PlexTrac Field | Checkmarx Path | Notes | | -------------- | ------------------------------------------------------------- | --------------------------------------------------------------------------------------- | | asset | \ and Path> | Ensure that both the attribute name and the element filename are present and identical. |