availability

Package: Invicti AppSec Enterprise (on-premise, on-demand)

Import a pen test report

You can import pen test results into Invicti AppSec using either a CSV file or a PDF report. CSV imports follow the template import flow, while PDF imports use an AI provider to automatically extract vulnerabilities from the report.

Prerequisites

  • You must have add permission on vulnerabilities.
  • For PDF imports, you must configure an AI provider (such as OpenAI or Azure OpenAI).

Import a pen test CSV

  1. Navigate to the project where you want to import vulnerabilities. You can do this in one of the following ways:
    • Core: select Inventory > Targets from the left-side menu and click the project. Then click the Vulnerabilities tab.
    • Core: select Inventory > Projects from the left-side menu and click the project. Then click the Vulnerabilities tab and select AppSec.
    • Enterprise: select Projects and Products > Projects from the left-side menu and click the project. Then click the Vulnerabilities tab and select AppSec or Infra.
  2. Click the Actions dropdown in the upper-right corner and select Import.
  3. Select Template as the import type.
  4. Select Pen Test as the scanner type.
  5. Fill in the following fields:

| Field | Description | Required |
| --- | --- | --- |
| Scanner | The scanner to associate the data with. | Yes |
| Branch | The branch to associate the imported data with. | Yes |
| Discovered by | The user who discovered the vulnerabilities. | Yes |
| Engagement | The pen test engagement to link the import to. | No |
| Scan tag | An optional tag for the imported scan. | No |
| File | The CSV file using the Invicti AppSec template format. Select CSV as the file type. | Yes |

  6. Click Import.

tip

To download the CSV template for pen test imports, click the template download link on the import page.

Import a pen test PDF

PDF imports use an AI provider to automatically extract vulnerability data from the report. After the AI processes the PDF, you can review and select which vulnerabilities to import.

  1. Navigate to the project where you want to import vulnerabilities. You can do this in one of the following ways:
    • Core: select Inventory > Targets from the left-side menu and click the project. Then click the Vulnerabilities tab.
    • Core: select Inventory > Projects from the left-side menu and click the project. Then click the Vulnerabilities tab and select AppSec.
    • Enterprise: select Projects and Products > Projects from the left-side menu and click the project. Then click the Vulnerabilities tab and select AppSec or Infra.
  2. Click the Actions dropdown in the upper-right corner and select Import.
  3. Select Template as the import type.
  4. Select Pen Test as the scanner type.
  5. Fill in the following fields:

| Field | Description | Required |
| --- | --- | --- |
| Scanner | The scanner to associate the data with. | Yes |
| Branch | The branch to associate the imported data with. | Yes |
| Discovered by | The user who discovered the vulnerabilities. | Yes |
| Engagement | The pen test engagement to link the import to. | No |
| Scan tag | An optional tag for the imported scan. | No |
| File | The PDF report to import. Select PDF as the file type. | Yes |
| LLM provider | The AI provider to use for extracting data from the PDF. | Yes |
| Model | The AI model to use (if the provider supports model selection). | Yes (except for Azure OpenAI) |
| Masked words | Words to mask in the data sent to the AI provider. | No |
| Automated data masking | Toggle to automatically mask sensitive data before sending to the AI provider. | No |

  6. Click Import.
  7. A progress dialog appears while the AI extracts vulnerabilities from the PDF.
  8. Review the extracted vulnerabilities and select the ones you want to import.
  9. Click Confirm to import the selected vulnerabilities.
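
Because the report text is sent to the AI provider, it helps to build the Masked words list from the report itself before uploading. The following Python script is an added example, not Invicti code or its masking implementation: it lists sensitive-looking values in already-extracted report text and shows which would remain visible after masking a given word list. The patterns, the `[MASKED]` placeholder, and the case-insensitive substring replacement are assumptions, and the sample text is constructed.

```python
import re

MASK = "[MASKED]"  # placeholder chosen for this example, not the product's

# Assumed patterns for values pen test reports often contain; extend as needed.
PATTERNS = {
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}"
                       r"(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "hostname": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:internal|local|corp|lan)\b", re.I),
    "secret": re.compile(r"\b(?:password|passwd|api[_-]?key|token)\s*[:=]\s*(\S+)", re.I),
}

# Constructed sample standing in for text extracted from a report PDF.
SAMPLE = """Finding 1: SQL injection on https://shop.acme.internal/login
Tested from 10.20.30.40 with account j.doe@acme.example
Default credential found: password=Winter2024!
"""

def find_candidates(text):
    """Return {kind: sorted unique values} for sensitive-looking strings."""
    found = {}
    for kind, rx in PATTERNS.items():
        # For patterns with a capture group, report the captured value only.
        values = {m.group(m.lastindex or 0) for m in rx.finditer(text)}
        values.discard(MASK)  # an already-masked value is not a finding
        if values:
            found[kind] = sorted(values)
    return found

def mask(text, words):
    """Replace each word case-insensitively, longest first (assumed behaviour)."""
    for word in sorted(words, key=len, reverse=True):
        text = re.sub(re.escape(word), MASK, text, flags=re.I)
    return text

def unmasked_after(text, words):
    """Candidates that would still be visible after masking with `words`."""
    return find_candidates(mask(text, words))

if __name__ == "__main__":
    words = ["acme", "Winter2024!"]
    print("candidates:", find_candidates(SAMPLE))
    print("still visible:", unmasked_after(SAMPLE, words))
```

Anything reported as still visible is a candidate to add to Masked words before clicking Import.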

View imported vulnerabilities

After importing, the vulnerabilities are added to the project and the import appears in the Imports tab. For more information, see Import vulnerabilities.

note

Imports are marked as manual and can't be rescanned. For more information, see Trigger a rescan.

