Data transformation for the Veracode Vulnerability Integration
After you identify the data that you want to import, the data is retrieved from the Veracode application, processed through a set of data sources, and transformed in your instance.
Veracode Application Vulnerable Item Integration
The data from the API is first loaded into the Veracode AppVul Item Import [sn_vul_veracode_appvul_item_import] table, and the Veracode AppVul Item Transform is used to transform the imported information.
To access this transform map, navigate to System Import Sets > Transform Maps and search for Veracode AppVul Item Transform. The following table lists the transform map fields by integration.
| Source field | Target field | Description |
|---|---|---|
| app_id | source_app_id | Application ID. |
| issueid | source_avit_id | AVIT ID. |
| app_name | app_name | Application name. |
| version | app_version | Application version. |
| build_id | source_scan_id | Build ID of the application. |
| account_id | account_id | Account ID. |
| sandbox_id | sandbox_id | Sandbox ID. |
| last_update_time | last_scan_date | Last updated time. |
| app_name + last_scan_date | scan_summary_name | Scan summary. |
| life_cycle_stage | source_sdlc_status | Source SDLC status. |
| level | source_severity | Source severity. |
| category_name | category | Category. |
| source_severity | source_severity | Source severity. |
| category_id + " CWE-" + cweId | source_entry_id | Source entry ID. |
| source_vulnerability_summary | source_vulnerability_summary | Source vulnerability summary. |
| source_recommendation | source_recommendation | Source recommendation. |
| description | description | Description from the source. |
| description | source_vulnerability_explanation | Source vulnerability explanation. |
| mitigation_status_desc | source_mitigation_status | Source mitigation status. |
| remediation_status | source_remediation_status | Source remediation status. |
| line | line_number | Line on which the flaw is found. |
| module | application_module | Application module. |
| sourcefile | source_notes | Source notes. |
| affects_policy_compliance | complies_with_policy | Values can be Yes or No based on the source information being true or false. |
| Sourcefilepath + sourcefile | location | Location mapping in case of a static flaw. |
| url | location | Location mapping in case of a dynamic flaw. |
| scope, type, exploitLevel | source_additional_info | Name value field populated with the values from source in case of static flaws. |
The following transform scripts are run during the transformation process.
Veracode transform map script timing and purpose
| When the script is run | Purpose |
|---|---|
| onComplete (when an import set has completed transformation) | Script that is used to process the data source and update the count of AVITs created, updated or unchanged, and the ones imported as part of this integration from Veracode. This script is for internal use and should not be modified or deleted. |