# HCL AppScan PlexTrac supports importing XML files from **HCL AppScan**. HCL AppScan is a security testing tool used to identify and address security vulnerabilities in web applications before deployment. It uses a combination of dynamic application security testing (DAST) and static application security testing (SAST) techniques to identify vulnerabilities. {% hint style="info" %} PlexTrac does not support the export format for older versions of HCL AppScan (export version <2.5). {% endhint %}

## Finding Field Mappings Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.

Plextrac Field	HCL Path
title	Get the issue types: issue-group/item/advisory/ref Get the data being imported: advisory-group/item/advisory/name
severity	issue-group/item/severity
references	Get the issue types: issue-group/item/advisory/ref Get the data being imported: advisory-group/item/advisory/references
recommendations	Get the issue types: issue-group/item/remediation/ref Get the data being imported: remediation-group/item/name
description	Get the issue types: issue-group/item/advisory/ref Get the actual data being imported. All items are a concatenation of mulitple fields: advisory-group/item/advisory/testDescription plus advisory-group/item/advisory/testTechnicalDescription/text
evidence	issue-group/item/variant-group/item/issue-information/testReportChunk
field: <cwe>
label: cwe
value	issue-group/item/cwe
scores: <cvss>
label: cvss
value	issue-group/item/cvss-score
calculation	issue-group/item/cvss-vector/base-vector

## Asset Field Mappings | PlexTrac Field | HCL Path | | -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | | asset |

Get the entity id:
issue-group/item/entity/ref
Get the data being imported:
entity-group/item id=(match from above)/name