Supported Third Party File Types

  • acunetix360_scan: Acunetix360 Scan - Acunetix360 JSON format.
  • acunetix_scan: Acunetix Scan - XML format
  • anchore_engine_scan: Anchore Engine Scan - Anchore-CLI JSON vulnerability report format.
  • anchore_enterprise_policy_check: Anchore Enterprise Policy Check - Anchore-CLI JSON policy check report format.
  • anchore_grype: Anchore Grype - A vulnerability scanner for container images and filesystems. JSON report generated with the '-o json' option.
  • anchorectl_policies_report: AnchoreCTL Policies Report - AnchoreCTL's JSON policies report format.
  • anchorectl_vuln_report: AnchoreCTL Vuln Report - AnchoreCTL's JSON vulnerability report format.
  • appspider_scan: AppSpider Scan - AppSpider (Rapid7) - Use the VulnerabilitiesSummary.xml file found in the zipped report download.
  • aqua_scan: Aqua Scan
  • arachni_scan: Arachni Scan - Arachni JSON report format (generated with arachni_reporter --reporter 'json').
  • auditjs_scan: AuditJS Scan - AuditJS scanning tool using the Sonatype OSSIndex database, with JSON output format.
  • aws_prowler_scan: AWS Prowler Scan - Export of AWS Prowler in CSV or JSON format.
  • aws_prowler_v3: AWS Prowler V3 - Export of AWS Prowler JSON V3 format.
  • aws_scout2_scan: AWS Scout2 Scan - JS file in scout2-report/inc-awsconfig/aws_config.js.
  • aws_security_finding_format_asff_scan: AWS Security Finding Format (ASFF) Scan - AWS Security Finding Format (ASFF). https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-syntax.html
  • aws_security_hub_scan: AWS Security Hub Scan - AWS Security Hub exports in JSON format.
  • azure_security_center_recommendations_scan: Azure Security Center Recommendations Scan - Import of Microsoft Defender for Cloud (formerly known as Azure Security Center) recommendations in CSV format.
  • bandit_scan: Bandit Scan - JSON report format
  • blackduck_api: BlackDuck API - BlackDuck findings can be directly imported using the Synopsys BlackDuck API. An API Scan Configuration has to be set up in the Product.
  • blackduck_component_risk: Blackduck Component Risk - Upload the zip file containing the security.csv and components.csv for Security and License risks.
  • blackduck_hub_scan: Blackduck Hub Scan - Upload the zip file containing the security.csv and components.csv for Security and License risks.
  • brakeman_scan: Brakeman Scan - Import Brakeman Scanner findings in JSON format.
  • bugcrowd_api_import: Bugcrowd API Import - Bugcrowd submissions can be directly imported using the Bugcrowd API. An API Scan Configuration has to be set up in the Product.
  • bugcrowd_scan: BugCrowd Scan - BugCrowd CSV report format
  • bundler_audit_scan: Bundler-Audit Scan - 'bundler-audit check' output (in plain text)
  • burp_enterprise_scan: Burp Enterprise Scan - Import Burp Enterprise Edition findings in HTML format
  • burp_graphql_api: Burp GraphQL API - Import Burp Enterprise Edition findings from the GraphQL API
  • burp_rest_api: Burp REST API - Import Burp REST API scan data in JSON format (/scan/[task_id] endpoint).
  • burp_scan: Burp Scan - When the Burp report is generated, the recommended option is Base64 encoding both the request and response fields. These fields will be processed and made available in the 'Finding View' page.
  • cargoaudit_scan: CargoAudit Scan - Import JSON output for cargo audit scan report.
  • checkmarx_osa: Checkmarx OSA - Checkmarx Open Source Analysis for dependencies (JSON). Generate with jq -s . CxOSAVulnerabilities.json CxOSALibraries.json
  • checkmarx_scan: Checkmarx Scan - Detailed Report. Import all vulnerabilities from Checkmarx without aggregation.
  • checkmarx_scan_detailed: Checkmarx Scan - Detailed Report. Import all vulnerabilities from Checkmarx without aggregation.
  • checkov_scan: Checkov Scan - Import JSON reports of Infrastructure as Code vulnerabilities.
  • clair_klar_scan: Clair Klar Scan - Import JSON reports of Docker image vulnerabilities from clair klar client.
  • clair_scan: Clair Scan - Import JSON reports of Docker image vulnerabilities.
  • cloudsploit_scan: Cloudsploit Scan - Cloudsploit report file can be imported in JSON format (option --json).
  • cobalt_io_api_import: Cobalt.io API Import - Cobalt.io findings can be directly imported using the Cobalt.io API. An API Scan Configuration has to be set up in the Product.
  • cobalt_io_scan: Cobalt.io Scan - CSV Report
  • codechecker_report_native: Codechecker Report native - Import Codechecker Report in native JSON format.
  • contrast_scan: Contrast Scan - CSV Report
  • coverity_api: Coverity API - Import Coverity API view data in JSON format (/api/viewContents/issues endpoint).
  • crashtest_security_json_file: Crashtest Security JSON File - XML Report
  • crashtest_security_xml_file: Crashtest Security JSON File - XML Report
  • credscan_scan: CredScan Scan - Import CSV output of CredScan scan report.
  • cyclonedx: CycloneDX - CycloneDX v1.4 JSON
  • dawnscanner_scan: DawnScanner Scan - Dawnscanner (-j) output file can be imported in JSON format.
  • dependency_check_scan: Dependency Check Scan - OWASP Dependency Check output can be imported in XML format.
  • dependency_track_finding_packaging_format_fpf_export: Dependency Track Finding Packaging Format (FPF) Export - The Finding Packaging Format (FPF) from OWASP Dependency Track can be imported in JSON format. See here for more info on this JSON format.
  • detect_secrets_scan: Detect-secrets Scan - Import JSON output for detect-secrets scan report.
  • docker_bench_security_scan: docker-bench-security Scan - Import JSON reports of Docker CIS benchmark scans.
  • dockle_scan: Dockle Scan - Import JSON output for Dockle scan report.
  • drheader_json_importer: DrHeader JSON Importer - Import result of DrHeader JSON output.
  • dsop_scan: DSOP Scan - Import XLSX findings from DSOP vulnerability scan pipelines.
  • edgescan_scan: Edgescan Scan - Edgescan findings can be imported by API or JSON file.
  • eslint_scan: ESLint Scan - JSON report format
  • fortify_scan: Fortify Scan - Import Findings from XML file format.
  • generic_findings_import: Generic Findings Import - Import Generic findings in CSV or JSON format.
  • ggshield_scan: Ggshield Scan - Import Ggshield Scan findings in JSON format.
  • github_vulnerability_scan: Github Vulnerability Scan - Import vulnerabilities from the GitHub API (GraphQL Query).
  • gitlab_api_fuzzing_report_scan: GitLab API Fuzzing Report Scan - GitLab API Fuzzing Report file can be imported in JSON format (option --json).
  • gitlab_container_scan: GitLab Container Scan - GitLab Container Scan report file can be imported in JSON format (option --json).
  • gitlab_dast_report: GitLab DAST Report - GitLab DAST Report in JSON format (option --json).
  • gitlab_dependency_scanning_report: GitLab Dependency Scanning Report - Import GitLab SAST Report vulnerabilities in JSON format.
  • gitlab_sast_report: GitLab SAST Report - Import GitLab SAST Report vulnerabilities in JSON format.
  • gitlab_secret_detection_report: GitLab Secret Detection Report - GitLab Secret Detection Report file can be imported in JSON format (option --json).
  • gitleaks_scan: Gitleaks Scan - Import Gitleaks Scan findings in JSON format.
  • gosec_scanner: Gosec Scanner - Import Gosec Scanner findings in JSON format.
  • govulncheck_scanner: Govulncheck Scanner - Import Govulncheck Scanner findings in JSON format.
  • hackerone_cases: HackerOne Cases - Import HackerOne cases findings in JSON format.
  • hadolint_dockerfile_check: Hadolint Dockerfile check - Import Hadolint Dockerfile check findings in JSON format.
  • harbor_vulnerability_scan: Harbor Vulnerability Scan - Import vulnerabilities from Harbor API.
  • horusec_scan: Horusec Scan - JSON output of the Horusec CLI.
  • huskyci_report: HuskyCI Report - Import HuskyCI Report vulnerabilities in JSON format.
  • hydra_scan: Hydra Scan - Hydra Scan can be imported in JSON format.
  • ibm_appscan_dast: IBM AppScan DAST - XML file from IBM App Scanner.
  • immuniweb_scan: Immuniweb Scan - XML Scan Result File from Immuniweb Scan.
  • intsights_report: IntSights Report - IntSights report file can be imported in JSON format.
  • jfrog_xray_api_summary_artifact_scan: JFrog Xray API Summary Artifact Scan - Import Xray findings in JSON format from the JFrog Xray API Summary/Artifact JSON response
  • jfrog_xray_scan: JFrog Xray Scan - Import Xray findings in JSON format.
  • jfrog_xray_unified_scan: JFrog Xray Unified Scan - Import Xray Unified (i.e. Xray version 3+) findings in JSON format.
  • kics_scan: KICS Scan - Import JSON output for KICS scan report.
  • kiuwan_scan: Kiuwan Scan - Import Kiuwan Scan in CSV format. Export as CSV Results on Kiuwan.
  • kube_bench_scan: kube-bench Scan - Import JSON reports of Kubernetes CIS benchmark scans.
  • logic_bomb_scan: Logic Bomb - Logic Bomb Issues Listing document
  • meterian_scan: Meterian Scan - Meterian JSON report output file can be imported.
  • microfocus_webinspect_scan: Microfocus Webinspect Scan - Import XML report
  • mobsf_scan: MobSF Scan - Export a JSON file using the API, api/v1/report_json.
  • mobsfscan_scan: Mobsfscan Scan - Import JSON report for mobsfscan report file.
  • mozilla_observatory_scan: Mozilla Observatory Scan - Import JSON report.
  • netsparker_scan: Netsparker Scan - Netsparker JSON format.
  • neuvector_compliance: NeuVector (compliance) - Imports compliance scans returned by REST API.
  • neuvector_rest: NeuVector (REST)
  • nexpose_scan: Nexpose Scan - Use the full XML export template from Nexpose.
  • nikto_scan: Nikto Scan - XML output (old and new nxvmlversion=1.2 type) or JSON output.
  • nmap_scan: Nmap Scan - XML output (use -oX)
  • node_security_platform_scan: Node Security Platform Scan - Node Security Platform (NSP) output file can be imported in JSON format.
  • npm_audit_scan: NPM Audit Scan - NPM Audit Scan JSON output up to v6 can be imported in JSON format.
  • nuclei_scan: Nuclei Scan - Import JSON output for nuclei scan report.
  • openscap_vulnerability_scan: Openscap Vulnerability Scan - Import Openscap Vulnerability Scan in XML formats.
  • openvas_csv: OpenVAS CSV - Import OpenVAS Scan in CSV format. Export as CSV Results on OpenVAS.
  • ort_evaluated_model_importer: ORT evaluated model Importer - Import Outpost24 endpoint vulnerability scan in XML format.
  • ossindex_devaudit_sca_scan_importer: OssIndex Devaudit SCA Scan Importer - Import OssIndex Devaudit SCA Scan in JSON format.
  • outpost24_scan: Outpost24 Scan - Import Outpost24 endpoint vulnerability scan in XML format.
  • php_security_audit_v2: PHP Security Audit v2 - Import PHP Security Audit v2 Scan in JSON format.
  • php_symfony_security_check: PHP Symfony Security Check - Import results from the PHP Symfony Security Checker by SensioLabs.
  • pip_audit_scan: pip-audit Scan - Import pip-audit JSON scan report.
  • pmd_scan: PMD Scan - CSV Report
  • popeye_scan: Popeye Scan - Popeye report file can be imported in JSON format (option --json).
  • pwn_sast: PWN SAST - Import pwn_sast Driver findings in JSON format.
  • qualys_infrastructure_scan_webgui_xml: Qualys Infrastructure Scan (WebGUI XML) - Qualys WebGUI output files can be imported in XML format.
  • qualys_scan: Qualys Scan - Qualys WebGUI output files can be imported in XML format.
  • qualys_webapp_scan: Qualys Webapp Scan - Qualys WebScan output files can be imported in XML format.
  • retire_js_scan: Retire.js Scan - Retire.js JavaScript scan (--js) output file can be imported in JSON format.
  • rubocop_scan: Rubocop Scan - Import Rubocop JSON scan report (with option -f json).
  • rusty_hog_scan: Rusty Hog Scan - JSON Report
  • sarif: SARIF - SARIF report file can be imported in SARIF format.
  • scantist_scan: Scantist Scan - Import Scantist Dependency Scanning Report vulnerabilities in JSON format.
  • scout_suite_scan: Scout Suite Scan - JS file in scoutsuite-results/scoutsuite_results_*.js.
  • semgrep_json_report: Semgrep JSON Report - Import Semgrep output (--json)
  • skf_scan: SKF Scan - Output of SKF Sprint summary export.
  • snyk_scan: Snyk Scan - Snyk output file (snyk test --json > snyk.json) can be imported in JSON format.
  • solar_appscreener_scan: Solar Appscreener Scan - Solar Appscreener report file can be imported in CSV format from Detailed_Results.csv.
  • sonarqube_scan: SonarQube Scan - Import all findings from the SonarQube HTML report. SonarQube output file can be imported in HTML format. Generate with https://github.com/soprasteria/sonar-report version >= 1.1.0
  • sonarqube_scan_detailed: SonarQube Scan - Import all findings from the SonarQube HTML report. SonarQube output file can be imported in HTML format. Generate with https://github.com/soprasteria/sonar-report version >= 1.1.0
  • sonatype_application_scan: Sonatype Application Scan - Can be imported in JSON format
  • spdx: SPDX - SPDX JSON (up to v2.3)
  • spotbugs_scan: SpotBugs Scan - XML report of the textui CLI.
  • ssl_labs_scan: SSL Labs Scan - JSON output of the ssllabs-scan CLI.
  • sslscan: Sslscan - Import XML output of sslscan report.
  • sslyze_scan: SSLyze Scan (JSON) - Import XML report of SSLyze version 2 scan.
  • sslyze_scan_json: SSLyze Scan (JSON) - Import XML report of SSLyze version 2 scan.
  • stackhawk_hawkscan: StackHawk HawkScan - StackHawk webhook event can be imported in JSON format.
  • talisman_scan: Talisman Scan - Import Talisman Scan findings in JSON format.
  • tenable_scan: Tenable Scan - Reports can be imported as CSV or .nessus (XML) report formats.
  • terrascan_scan: Terrascan Scan - Import JSON output for Terrascan scan report.
  • testssl_scan: Testssl Scan - Import CSV output of testssl scan report.
  • tfsec_scan: TFSec Scan - Import JSON output for TFSec scan report.
  • trivy_operator_scan: Trivy Operator Scan - Import trivy-operator JSON scan report.
  • trivy_scan: Trivy Scan - Import trivy JSON scan report.
  • trufflehog3_scan: Trufflehog3 Scan - JSON Output of Trufflehog3, a fork of TruffleHog located at https://github.com/feeltheajf/truffleHog3
  • trufflehog_scan: Trufflehog Scan - JSON Output of Trufflehog. Supports version 2 and 3 of https://github.com/trufflesecurity/trufflehog
  • trustwave_fusion_api_scan: Trustwave Fusion API Scan - Trustwave Fusion API report file can be imported in JSON format
  • trustwave_scan_csv: Trustwave Scan (CSV) - CSV output of Trustwave vulnerability scan.
  • twistlock_image_scan: Twistlock Image Scan - JSON output of twistcli image scan or CSV.
  • vcg_scan: VCG Scan - VCG output can be imported in CSV or XML formats.
  • veracode_scan: Veracode Scan - Reports can be imported as JSON or XML report formats.
  • veracode_sourceclear_scan: Veracode SourceClear Scan - Veracode SourceClear CSV or JSON report format
  • vulners: Vulners - Import Vulners Audit reports in JSON.
  • wapiti_scan: Wapiti Scan - Import XML report
  • wazuh: Wazuh - Wazuh
  • wfuzz_json_report: WFuzz JSON report - Import WFuzz findings in JSON format.
  • whispers_scan: Whispers Scan - Whispers report file can be imported in JSON format (option --json).
  • whitehat_sentinel: WhiteHat Sentinel - WhiteHat Sentinel output from api/vuln/query_site can be imported in JSON format.
  • whitesource_scan: Whitesource Scan - Import JSON report
  • wpscan: Wpscan - Import JSON report
  • xanitizer_scan: Xanitizer Scan - Import XML findings list report, preferably with parameter 'generateDetailsInFindingsListReport=true'.
  • yarn_audit_scan: Yarn Audit Scan - Yarn Audit Scan output file can be imported in JSON format.
  • zap_scan: ZAP Scan - ZAP XML report format.