PlexTrac supports importing Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) findings from Veracode. Veracode is an application security company offering various security analysis technologies on a single platform, such as static, dynamic, and software composition analysis.
Below are the field mappings from Veracode to PlexTrac, broken up by findings and assets. If a field is not listed, PlexTrac does not currently import it.
Tables include the following columns:
Veracode Field: the field name that appears in Veracode
PlexTrac Field: the field name that appears in PlexTrac
Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)
Vulnerability Name
-->
Finding Title
Description
-->
Description
Background
-->
Description
Delivery Consultant
-->
Custom Field
Exploitation Difficulty
-->
Custom Field
Remediation Effort
-->
Custom Field
Recommendations
-->
Recommendations
References
-->
References
CWE ID
-->
CWE ID
Flaw Severity
-->
Severity
Remediation Effort
-->
Finding Tag
Category
-->
Finding Tag
Exploit Difficulty
-->
Finding Tag
Finding Status
-->
Finding Tag
File Path
-->
Asset Name
Application
-->
Parent Asset
Instance Details
-->
Asset Name
Line Number
-->
Asset Evidence
Function Prototype
-->
Asset Evidence
First Occurence
-->
Asset Evidence
Remediation Status
-->
Asset Evidence
Migration Status
-->
Asset Evidence
Veracode
-->
PlexTrac
Dynamic Flaw
-->
Finding Title
Description
-->
Description
Background
-->
Description
Delivery Consultant
-->
Custom Field
Exploitation Difficulty
-->
Custom Field
Remediation Effort
-->
Finding Tag
Recommendations
-->
Recommendations
References
-->
References
CWE ID
-->
CWE ID
Flaw Severity
-->
Severity
Remediation Effort
-->
Finding Tag
Remediation
-->
Custom Field
Category
-->
Finding Tag
Category
-->
Custom Field
Exploit Difficulty
-->
Finding Tag
Exploit Difficulty
-->
Custom Tag
Finding Status
-->
Finding Tag
Finding Status
-->
Custom Tag
File Path
-->
Asset Name
Application
-->
Parent Asset
Instance Details
-->
Asset Name
Line Number
-->
Asset Evidence
Function Prototype
-->
Asset Evidence
First Occurence
-->
Asset Evidence
Remediation Status
-->
Asset Evidence
Migration Status
-->
Asset Evidence
CVE_Summary
-->
Finding Title
CVSS Data
-->
Score Type
CVSS Data
-->
Score Value
CVSS Data
-->
Vector
CVE ID
-->
CVE ID
Library
-->
Asset Parent
App Name
-->
Asset Name