LogoLogo
API DocumentationIntegrationsPlexTrac.com
  • Product Documentation
    • Using This Site
    • Security Advisories
    • Deployment and Maintenance Policy
    • Supported Applications
  • PlexTrac Modules
    • Dashboard
    • Clients
      • Clients Components
      • Creating a Client
      • Managing Clients
      • Managing Client Users
      • Adding Assets to a Client
      • Managing Assets
    • Schedule
      • Schedule Components
      • Creating an Engagement
      • Requesting an Engagement
      • Managing Engagements
      • Engagement Status
    • Assessments
      • Assessment Components
      • Managing Questionnaires
      • Starting an Assessment
      • Taking an Assessment
      • Reviewing an Assessment
      • Submitting an Assessment
    • Reports
      • Report Components
      • Creating a Report
      • Adding from NarrativesDB
      • Editing a Report
      • Using Short Codes in Reports
      • Findings
        • Creating a Finding
        • Collaborative Editing
        • Importing Findings from a File
        • CSV Findings Templates
          • Using Report Findings CSV Template
        • Importing Findings via an Integration
        • Importing Findings from WriteupsDB
        • Finding Status
        • Creating Jira Tickets
        • CVSS Scoring
        • Affected Assets
      • Importing a Report
      • Exporting a Report
    • Priorities
      • Priorities Components
      • Creating a Priority
      • Linking Findings and Assets
      • Managing Priorities
      • Priorities Metrics
    • Content Library
      • Types of Repositories
      • NarrativesDB
        • NarrativesDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Managing Sections
        • Creating a Section
      • WriteupsDB
        • WriteupsDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Creating a Writeup
        • Copying a Writeup
        • Adding to a Report
        • Importing via CSV Template
      • RunbooksDB
        • RunbooksDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Creating a Procedure
        • Creating a Technique
        • Creating a Tactic
        • Creating a Methodology
    • Analytics
      • Findings
      • Assets
      • Runbooks
      • Trends & SLAs
    • Runbooks
      • Managing Engagements
        • Starting an Engagement
        • Submitting an Engagement
      • Managing Test Plans
        • Creating a Test Plan
        • Exporting a Test Plan
  • Tenant Management
    • Account Management
      • Profile (Personal Settings)
        • Managing User Profile
        • Managing Password
        • Setting Up Two-Factor Authentication
      • Account Admin
        • Tenant Settings
          • Account Information
          • General Settings
          • Email Settings
          • Tags Settings
          • Service-Level Agreements (SLAs)
          • Short Codes
        • Customizations
          • Layouts
          • Templates
            • Report Templates
            • Export Templates
            • Style Guides
          • Theme
        • Automations
          • Risk Scoring
            • Creating Equations
            • Managing Priority Equations
          • Parser Actions
        • Integrations & Webhooks
          • Integrations (API)
            • Cobalt
            • Edgescan
            • HackerOne
            • Jira
            • ServiceNow
            • Tenable Vulnerability Management
            • Tenable Security Center
          • Webhooks
        • Security & User Management
          • Audit Log
          • Security
            • Authentication Methods
              • OAuth/OpenID Setup
                • Microsoft Entra ID
                • Google OAuth
                • Okta
                • OpenID Connect
              • SAML Setup
            • General Authentication Settings
            • Authorization
            • Role Based Access (RBAC)
              • Custom Roles
            • Classification Tiers
          • Users
            • Adding Users
            • Managing Users
        • Licensing
          • Licensing
          • Priorities
          • Plex AI
            • Using AI
        • White Labeling
      • Help Center
      • Logout
    • Integrations and File Imports
      • Acunetix
      • BlindSPOT
      • Burp Suite
      • Checkmarx
      • Core Impact
      • HCL AppScan
      • Invicti
      • Nessus
      • Nexpose
      • Nipper
      • Nmap (Assets)
      • Nmap Vulners NSE
      • Nodeware
      • NodeZero
      • OpenVAS
      • OWASP ZAP
      • Pentera
      • Qualys (VM Parser)
      • Qualys (Web App Scanner)
      • RapidFire
      • Scythe
      • Veracode
  • API Documentation
    • Overview
    • Concept Definitions
    • Getting Started
    • Retrieving Parameter IDs
    • Object Structures
      • Client Object
      • Report Object
      • Finding Object
      • Asset Object
      • Evidence Object
    • Use Cases
    • API Change Policy
      • API Change Log
    • Webhooks
      • Webhook Payload Structure
      • Verifying Sender Requests
Powered by GitBook

Resources

  • Privacy Policy
  • Terms of Use
  • Vulnerability Policy

© 2025 PlexTrac, Inc. All rights reserved.

On this page
  • Field Mappings
  • SAST Finding Field Mappings
  • SAST Asset Field Mappings
  • DAST Finding Field Mappings
  • DAST Asset Field Mappings
  • SCA Finding Field Mappings
  • SCA Asset Field Mappings

Was this helpful?

Export as PDF
  1. Tenant Management
  2. Integrations and File Imports

Veracode

PreviousScytheNextOverview

Last updated 2 months ago

Was this helpful?

PlexTrac supports importing Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) findings from Veracode. Veracode is an application security company offering various security analysis technologies on a single platform, such as static, dynamic, and software composition analysis.

Based on the provided XML from the Veracode file, PlexTrac will automatically apply a tag to indicate whether the findings resulted from a SAST, DAST, or SCA scan.

Field Mappings

Below are the field mappings from Veracode to PlexTrac, broken up by findings and assets. If a field is not listed, PlexTrac does not currently import it.

Tables include the following columns:

  • Veracode Field: the field name that appears in Veracode

  • PlexTrac Field: the field name that appears in PlexTrac

  • Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)

SAST Finding Field Mappings

Veracode Field
Direction
PlexTrac Field

Vulnerability Name

-->

Finding Title

Description

-->

Description

Background

-->

Description

Delivery Consultant

-->

Custom Field

Exploitation Difficulty

-->

Custom Field

Remediation Effort

-->

Custom Field

Recommendations

-->

Recommendations

References

-->

References

CWE ID

-->

CWE ID

Flaw Severity

-->

Severity

Remediation Effort

-->

Finding Tag

Category

-->

Finding Tag

Exploit Difficulty

-->

Finding Tag

Finding Status

-->

Finding Tag

Source Veracode

-->

Finding Tag

SAST Asset Field Mappings

Veracode Field
Direction
PlexTrac Field

File Path

-->

Asset Name

Application

-->

Parent Asset

Instance Details

-->

Asset Name

Line Number

-->

Asset Evidence

Function Prototype

-->

Asset Evidence

First Occurence

-->

Asset Evidence

Remediation Status

-->

Asset Evidence

Migration Status

-->

Asset Evidence

DAST Finding Field Mappings

Veracode Field
Direction
PlexTrac Field

Veracode

-->

PlexTrac

Dynamic Flaw

-->

Finding Title

Description

-->

Description

Background

-->

Description

Delivery Consultant

-->

Custom Field

Exploitation Difficulty

-->

Custom Field

Remediation Effort

-->

Finding Tag

Recommendations

-->

Recommendations

References

-->

References

CWE ID

-->

CWE ID

Flaw Severity

-->

Severity

Remediation Effort

-->

Finding Tag

Remediation

-->

Custom Field

Category

-->

Finding Tag

Category

-->

Custom Field

Exploit Difficulty

-->

Finding Tag

Exploit Difficulty

-->

Custom Tag

Finding Status

-->

Finding Tag

Finding Status

-->

Custom Tag

Source Veracode

-->

Finding Tag

DAST Asset Field Mappings

Veracode Field
Direction
PlexTrac Field

File Path

-->

Asset Name

Application

-->

Parent Asset

Instance Details

-->

Asset Name

Line Number

-->

Asset Evidence

Function Prototype

-->

Asset Evidence

First Occurence

-->

Asset Evidence

Remediation Status

-->

Asset Evidence

Migration Status

-->

Asset Evidence

SCA Finding Field Mappings

Veracode Field
Direction
PlexTrac Field

CVE_Summary

-->

Finding Title

CVSS Data

-->

Score Type

CVSS Data

-->

Score Value

CVSS Data

-->

Vector

CVE ID

-->

CVE ID

Source Veracode

-->

Finding Tag

SCA Asset Field Mappings

Veracode Field
Direction
PlexTrac Field

Library

-->

Asset Parent

App Name

-->

Asset Name