# Veracode
PlexTrac supports importing Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) findings from **Veracode**. Veracode is an application security company offering various security analysis technologies on a single platform, such as static, dynamic, and software composition analysis.
Based on the provided XML from the Veracode file, PlexTrac will automatically apply a tag to indicate whether the findings resulted from a SAST, DAST, or SCA scan.
## Field Mappings
Below are the field mappings from Veracode to PlexTrac, broken up by findings and assets. If a field is not listed, PlexTrac does not currently import it.
Tables include the following columns:
* **Veracode Field:** the field name that appears in Veracode
* **PlexTrac Field:** the field name that appears in PlexTrac
* **Direction:** displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)
### SAST Finding Field Mappings
| Veracode Field | Direction | PlexTrac Field |
|---|
| Vulnerability Name | --> | Finding Title |
| Description | --> | Description |
| Background | --> | Description |
| Delivery Consultant | --> | Custom Field |
| Exploitation Difficulty | --> | Custom Field |
| Remediation Effort | --> | Custom Field |
| Recommendations | --> | Recommendations |
| References | --> | References |
| CWE ID | --> | CWE ID |
| Flaw Severity | --> | Severity |
| Remediation Effort | --> | Finding Tag |
| Category | --> | Finding Tag |
| Exploit Difficulty | --> | Finding Tag |
| Finding Status | --> | Finding Tag |
| Source Veracode | --> | Finding Tag |
### SAST Asset Field Mappings
| Veracode Field | Direction | PlexTrac Field |
| ------------------ | :-------: | -------------- |
| File Path | --> | Asset Name |
| Application | --> | Parent Asset |
| Instance Details | --> | Asset Name |
| Line Number | --> | Asset Evidence |
| Function Prototype | --> | Asset Evidence |
| First Occurence | --> | Asset Evidence |
| Remediation Status | --> | Asset Evidence |
| Migration Status | --> | Asset Evidence |
### DAST Finding Field Mappings
| Veracode Field | Direction | PlexTrac Field |
|---|
| Veracode | --> | PlexTrac |
| Dynamic Flaw | --> | Finding Title |
| Description | --> | Description |
| Background | --> | Description |
| Delivery Consultant | --> | Custom Field |
| Exploitation Difficulty | --> | Custom Field |
| Remediation Effort | --> | Finding Tag |
| Recommendations | --> | Recommendations |
| References | --> | References |
| CWE ID | --> | CWE ID |
| Flaw Severity | --> | Severity |
| Remediation Effort | --> | Finding Tag |
| Remediation | --> | Custom Field |
| Category | --> | Finding Tag |
| Category | --> | Custom Field |
| Exploit Difficulty | --> | Finding Tag |
| Exploit Difficulty | --> | Custom Tag |
| Finding Status | --> | Finding Tag |
| Finding Status | --> | Custom Tag |
| Source Veracode | --> | Finding Tag |
### DAST Asset Field Mappings
| Veracode Field | Direction | PlexTrac Field |
| ------------------ | :-------: | -------------- |
| File Path | --> | Asset Name |
| Application | --> | Parent Asset |
| Instance Details | --> | Asset Name |
| Line Number | --> | Asset Evidence |
| Function Prototype | --> | Asset Evidence |
| First Occurence | --> | Asset Evidence |
| Remediation Status | --> | Asset Evidence |
| Migration Status | --> | Asset Evidence |
### SCA Finding Field Mappings
| Veracode Field | Direction | PlexTrac Field |
| --------------- | :-------: | -------------- |
| CVE\_Summary | --> | Finding Title |
| CVSS Data | --> | Score Type |
| CVSS Data | --> | Score Value |
| CVSS Data | --> | Vector |
| CVE ID | --> | CVE ID |
| Source Veracode | --> | Finding Tag |
### SCA Asset Field Mappings
| Veracode Field | Direction | PlexTrac Field |
| -------------- | :-------: | -------------- |
| Library | --> | Asset Parent |
| App Name | --> | Asset Name |
