search
Integrations

Veracode

PlexTrac supports importing Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) findings from Veracode. Veracode is an application security company offering various security analysis technologies on a single platform, such as static, dynamic, and software composition analysis.

Based on the provided XML from the Veracode file, PlexTrac will automatically apply a tag to indicate whether the findings resulted from a SAST, DAST, or SCA scan.

hashtag
Field Mappings

Below are the field mappings from Veracode to PlexTrac, broken up by findings and assets. If a field is not listed, PlexTrac does not currently import it.

Tables include the following columns:

  • Veracode Field: the field name that appears in Veracode

  • PlexTrac Field: the field name that appears in PlexTrac

  • Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)

hashtag
SAST Finding Field Mappings

Veracode Field
Direction
PlexTrac Field

Vulnerability Name

-->

Finding Title

Description

-->

Description

Background

-->

Description

Delivery Consultant

-->

Custom Field

Exploitation Difficulty

-->

Custom Field

Remediation Effort

-->

Custom Field

Recommendations

-->

Recommendations

References

-->

References

CWE ID

-->

CWE ID

Flaw Severity

-->

Severity

Remediation Effort

-->

Finding Tag

Category

-->

Finding Tag

Exploit Difficulty

-->

Finding Tag

Finding Status

-->

Finding Tag

Source Veracode

-->

Finding Tag

hashtag
SAST Asset Field Mappings

Veracode Field
Direction
PlexTrac Field

File Path

-->

Asset Name

Application

-->

Parent Asset

Instance Details

-->

Asset Name

Line Number

-->

Asset Evidence

Function Prototype

-->

Asset Evidence

First Occurence

-->

Asset Evidence

Remediation Status

-->

Asset Evidence

Migration Status

-->

Asset Evidence

hashtag
DAST Finding Field Mappings

Veracode Field
Direction
PlexTrac Field

Veracode

-->

PlexTrac

Dynamic Flaw

-->

Finding Title

Description

-->

Description

Background

-->

Description

Delivery Consultant

-->

Custom Field

Exploitation Difficulty

-->

Custom Field

Remediation Effort

-->

Finding Tag

Recommendations

-->

Recommendations

References

-->

References

CWE ID

-->

CWE ID

Flaw Severity

-->

Severity

Remediation Effort

-->

Finding Tag

Remediation

-->

Custom Field

Category

-->

Finding Tag

Category

-->

Custom Field

Exploit Difficulty

-->

Finding Tag

Exploit Difficulty

-->

Custom Tag

Finding Status

-->

Finding Tag

Finding Status

-->

Custom Tag

Source Veracode

-->

Finding Tag

hashtag
DAST Asset Field Mappings

Veracode Field
Direction
PlexTrac Field

File Path

-->

Asset Name

Application

-->

Parent Asset

Instance Details

-->

Asset Name

Line Number

-->

Asset Evidence

Function Prototype

-->

Asset Evidence

First Occurence

-->

Asset Evidence

Remediation Status

-->

Asset Evidence

Migration Status

-->

Asset Evidence

hashtag
SCA Finding Field Mappings

Veracode Field
Direction
PlexTrac Field

CVE_Summary

-->

Finding Title

CVSS Data

-->

Score Type

CVSS Data

-->

Score Value

CVSS Data

-->

Vector

CVE ID

-->

CVE ID

Source Veracode

-->

Finding Tag

hashtag
SCA Asset Field Mappings

Veracode Field
Direction
PlexTrac Field

Library

-->

Asset Parent

App Name

-->

Asset Name

PreviousScytheNextOverview

Last updated

Was this helpful?