Supported tools

The following tools are currently supported by Canopy:

Tool Versions supported Source Notes
Nessus 6.0-6.10

The .nessus format is supported.

Canopy supports both the vulnerability results and also the compliance audit results from Nessus.

Qualys Vulnerability Scanner scan-1.dtd We track the scan-1.dtd specification and support importing the XML output.
nmap v6.x, v7.x XML results file supported. Port scan data is stored separately to vulnerability and NSE data (stored as findings).
Burpsuite Pro (scanner) v1.6, v1.7 The XML report file is currently supported. The HTML report will be supported soon.
Netsparker 4.x XML results file supported.
SSLScan 1.11.8 and current XML results file supported. The vulnerability extensions are also supported.
Nikto2 v2 XML results file supported.
Fortify 16 <= 16.11

XML results file supported.

  • Legacy Report
  • Template: Developer Workbook
  • Report format: XML
SecureAssist Latest XML results file supported.
OpenVAS v6, v7, v8 XML results file supported.
Nexpose Community edition Limited support for the Nexpose community edition XML results.
Surecheck (deprecated) Not supported Unfortunately this tool is no longer supported by the vendor.

The following tools are on the short term roadmap for support:

  • AppScan
  • Nipper
  • Acunetix
  • Arachni
  • w3af
  • Metasploit

If you have a specific need for a tool, please open a ticket via or you may also consider writing your own importer. For further information, see Extending Canopy.