PlexTrac supports importing SAST findings from Veracode. Veracode is an application security company that offers various security analysis technologies, such as static, dynamic, and software composition analysis, on a single platform.
Below are the field mappings from Veracode to PlexTrac, broken up by findings and assets. If a field is not listed, PlexTrac does not currently import it.
Tables include the following columns:
Veracode Field: the field name that appears in Veracode
PlexTrac Field: the field name that appears in PlexTrac
Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)
Veracode Field | Direction | PlexTrac Field |
---|---|---|
Veracode Field | Direction | PlexTrac Field |
---|---|---|
Vulnerability Name
-->
Finding Title
Description
-->
Description
Background
-->
Description
Delivery Consultant
-->
Custom Field
Exploitation Difficulty
-->
Custom Field
Remediation Effort
-->
Custom Field
Recommendations
-->
Recommendations
References
-->
References
CWE ID
-->
CWE ID
Flaw Severity
-->
Severity
Remediation Effort
-->
Finding Tag
Category
-->
Finding Tag
Exploit Difficulty
-->
Finding Tag
Finding Status
-->
Finding Tag
File Path
-->
Asset Name
Application
-->
Parent Asset
Instance Details
-->
Asset Name
Line Number
-->
Asset Evidence
Function Prototype
-->
Asset Evidence
First Occurence
-->
Asset Evidence
Remediation Status
-->
Asset Evidence
Migration Status
-->
Asset Evidence