Availability

Package: Invicti AppSec Core (on-demand), Invicti AppSec Enterprise (on-premise, on-demand)

Import a tool report

You can import a vulnerability report generated by a supported security scanner into Invicti AppSec. Invicti AppSec automatically parses the file based on the scanner format.

Prerequisites

  • You must have add permission on vulnerabilities.

Import a tool report

  1. Navigate to the project where you want to import vulnerabilities. You can do this in one of the following ways:
    • Core: select Inventory > Targets from the left-side menu and click the project. Then click the Vulnerabilities tab.
    • Core: select Inventory > Projects from the left-side menu and click the project. Then click the Vulnerabilities tab and select AppSec.
    • Enterprise: select Projects and Products > Projects from the left-side menu and click the project. Then click the Vulnerabilities tab and select AppSec or Infra.
  2. Click the Actions dropdown in the upper-right corner and select Import.
  3. Select Tool as the import type.
  4. Fill in the following fields:
     | Field | Description | Required |
     |---|---|---|
     | Scanner | The scanner tool that generated the report. | Yes |
     | Branch | The branch to associate the imported data with. | Yes (except for Infrastructure scans) |
     | Meta data | Additional metadata for the scan. Must be unique for the same branch and tool combination. | Required for Infrastructure and Nessus Pro scans |
     | Scan tag | An optional tag for the imported scan. | No |
     | Date discovered | The date the vulnerabilities were discovered. Can't be a future date. | Yes (except for Fortify) |
     | File | The report file to import. Drag and drop or browse to select the file. | Yes |
  5. Click Import.

Supported scanners

Invicti AppSec supports importing reports from a wide range of security tools, including:

  • Checkmarx (XML)
  • Burp Suite (XML)
  • WebInspect (XML)
  • Nessus Pro (NES)
  • Tenable.sc (XML)
  • Rapid7 (XML)
  • Fortify
  • Trivy (JSON)
  • OWASP ZAP (XML)
  • CodeQL (SARIF)
  • Semgrep (JSON/SARIF)
  • JFrog Xray SCA

For the full list of supported scanners, check the Scanner dropdown on the import page.

View imported vulnerabilities

After importing, the vulnerabilities are added to the project and the import appears in the Imports tab. For more information, see Import vulnerabilities.

Note: Imports are marked as manual and can't be rescanned. For more information, see Trigger a rescan.

