Supported tools

The following tools are currently supported by Canopy:

Tool	Versions supported	Source	Notes
Nessus	6.0-6.10	https://tenable.com	The .nessus format is supported. Canopy supports both the vulnerability results and also the compliance audit results from Nessus.
Qualys Vulnerability Scanner	scan-1.dtd	https://qualys.com	We track the scan-1.dtd specification and support importing the XML output.
nmap	v6.x, v7.x	https://nmap.org	XML results file supported. Port scan data is stored separately to vulnerability and NSE data (stored as findings).
Burpsuite Pro (scanner)	v1.6, v1.7	https://portswigger.net	The XML report file is currently supported. The HTML report will be supported soon.
Netsparker	4.x	https://netsparker.com	XML results file supported.
SSLScan	1.11.8 and current	https://github.com/rbsec/sslscan	XML results file supported. The vulnerability extensions are also supported.
Nikto2	v2	https://github.com/sullo/nikto	XML results file supported.
Fortify	16 <= 16.11	http://www8.hp.com/us/en/software-solutions/application-security-testing/	XML results file supported. Legacy Report Template: Developer Workbook Report format: XML
SecureAssist	Latest	https://www.cigital.com/services/secureassist/	XML results file supported.
OpenVAS	v6, v7, v8	https://openvas.org	XML results file supported.
Nexpose	Community edition	https://www.rapid7.com/products/nexpose/	Limited support for the Nexpose community edition XML results.
Surecheck (deprecated)	Not supported	https://twitter.com/wildcroftsec?lang=en	Unfortunately this tool is no longer supported by the vendor.

The following tools are on the short term roadmap for support:

• AppScan

• OWASP ZAP

• Nipper

• Acunetix

• testssl.sh

• Arachni

• w3af

• Metasploit

If you have a specific need for a tool, please open a ticket via https://support.checksec.com or you may also consider writing your own importer. For further information, see Extending Canopy.