Package: Invicti AppSec Core (on-demand), Invicti AppSec Enterprise (on-premise, on-demand)
Import vulnerabilities
You can import vulnerabilities from external security tools or CSV templates into Invicti AppSec. Importing is done at the project level: navigate to a project's vulnerabilities page and use the Actions menu to start an import.
After the import completes, it appears in the Imports tab (both at the project level and on the global Scans page), and the vulnerabilities are added to the project.
Prerequisites
- You must have add permission on vulnerabilities.
Import types
Invicti AppSec supports two import types:
- Import a tool report: import a report file generated by a supported scanner. Invicti AppSec automatically parses the file based on the scanner format.
- Import a CSV template: import a CSV file using the Invicti AppSec template format. Use this option when you want to manually define vulnerabilities or import data from an unsupported tool.
You can also import a pen test report as a CSV or PDF file using the template import type.
View imports
Imports appear in the Imports tab in two locations:
- Project level: open a project and click the Imports tab.
- Global level: select Scans from the left-side menu and click the Imports tab.
The imports table displays the following columns:
| Column | Description |
|---|---|
| Date imported | The date the vulnerabilities were imported. |
| Date discovered | The date the vulnerabilities were originally discovered. |
| Scanner | The scanner tool associated with the import. |
| Project / Profile | The project or profile the data was imported into. |
| Branch | The branch associated with the imported data. |
| Meta data | Additional metadata for the scan. |
| Discovered by | The user who discovered the vulnerabilities. |
| Engagement | The pen test engagement (if applicable). |
| Imported by | The user who performed the import. |
| Critical | The number of critical-severity findings. |
| High | The number of high-severity findings. |
| Medium | The number of medium-severity findings. |
| Low | The number of low-severity findings. |
| Action | Click to view the imported vulnerabilities. |
Filter imports
You can filter the imports table by the following criteria:
- Branch: filter by branch name.
- Discovered by: filter by the user who discovered the vulnerabilities.
- Engagement: filter by pen test engagement.
- Imported by: filter by the user who performed the import.
- Meta data: filter by scan metadata.
- Scanner: filter by scanning tool.
- Team: filter by team (global view only).
Imports are marked as manual and can't be rescanned. For more information, see Trigger a rescan.