Canopy
Canopy

Supported tools

The following tools are currently supported by Canopy:

Tool Versions supported Source Notes
Nessus 6.0-6.10 https://tenable.com

The .nessus format is supported.

Canopy supports both the vulnerability results and also the compliance audit results from Nessus.

Qualys Vulnerability Scanner scan-1.dtd https://qualys.com We track the scan-1.dtd specification and support importing the XML output.
nmap v6.x, v7.x https://nmap.org XML results file supported. Port scan data is stored separately to vulnerability and NSE data (stored as findings).
Burpsuite Pro (scanner) v1.6, v1.7 https://portswigger.net The XML report file is currently supported. The HTML report will be supported soon.
Netsparker 4.x https://netsparker.com XML results file supported.
SSLScan 1.11.8 and current https://github.com/rbsec/sslscan XML results file supported. The vulnerability extensions are also supported.
Nikto2 v2 https://github.com/sullo/nikto XML results file supported.
Fortify 16 <= 16.11 http://www8.hp.com/us/en/software-solutions/application-security-testing/

XML results file supported.

  • Legacy Report
  • Template: Developer Workbook
  • Report format: XML
SecureAssist Latest https://www.cigital.com/services/secureassist/ XML results file supported.
OpenVAS v6, v7, v8 https://openvas.org XML results file supported.
Nexpose Community edition https://www.rapid7.com/products/nexpose/ Limited support for the Nexpose community edition XML results.
Surecheck (deprecated) Not supported https://twitter.com/wildcroftsec?lang=en Unfortunately this tool is no longer supported by the vendor.

The following tools are on the short term roadmap for support:

  • AppScan
  • OWASP ZAP
  • Nipper
  • Acunetix
  • testssl.sh
  • Arachni
  • w3af
  • Metasploit

If you have a specific need for a tool, please open a ticket via https://support.checksec.com or you may also consider writing your own importer. For further information, see Extending Canopy.