Checkmarx
PlexTrac supports importing XML files from Checkmarx. Checkmarx provides software security solutions for detecting and preventing security application vulnerabilities. The primary focus is static application security testing (SAST), which involves analyzing the source code of an application to identify security vulnerabilities and coding errors before the application is deployed.
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, then PlexTrac does not currently import.
PlexTrac Field | Checkmarx Path | Notes |
|---|---|---|
title | <Query Name=(attribute value for title)> | The Name attribute in the Query element has _ in the name, we replace the _ with " " to create the title |
severity | <Query Severity=(attribute value for severity)> | |
references | <Query cweId=(attribute value for references)> | |
recommendations | <Result DeepLink=(attribute value for recommendations)> | We join all the items in the DeepLink element in the Result element |
description | Hard Coded w/ "This was identified via Checkmarx scanner, please view affected assets for more details." | |
tags | <Query categories=(attribute value for tags)> and <Query group=(attribute value for tags)> | Delimit categories into a list with the delimitier of ; and if the group attribute is present we append it to the categories to make all the tags |
source | Hard Coded "Checkmarx" | |
PlexTrac Field | Checkmarx Path | Notes |
|---|---|---|
asset | <Result name=(attribute to be used in asset name)> and Path> | Both the attribute name and element filename have to exist and match |
Last modified 23h ago