| scan_date | date | Scan completion date will be used on all findings. | [optional] |
| minimum_severity | str | Minimum severity level to be imported * `Info` - Info * `Low` - Low * `Medium` - Medium * `High` - High * `Critical` - Critical | [optional] [default to 'Info'] |
| active | bool | Force findings to be active/inactive or default to the original tool (None) | [optional] |
| verified | bool | Force findings to be verified/not verified or default to the original tool (None) | [optional] |
| endpoint_to_add | int | Enter the ID of an Endpoint that is associated with the target Product. New Findings will be added to that Endpoint. | [optional] |
| file | str |  | [optional] |
| product_type_name | str | Also referred to as 'Organization' name. | [optional] |
| product_name | str | Also referred to as 'Asset' name. | [optional] |
| engagement_name | str |  | [optional] |
| engagement_end_date | date | End Date for Engagement. Default is current time + 365 days. Required format year-month-day | [optional] |
| source_code_management_uri | str | Resource link to source code | [optional] |
| test_title | str |  | [optional] |
| auto_create_context | bool |  | [optional] |
| deduplication_on_engagement | bool |  | [optional] |
| lead | int |  | [optional] |
| push_to_jira | bool |  | [optional] [default to False] |
| environment | str |  | [optional] |
| build_id | str | ID of the build that was scanned. | [optional] |
| branch_tag | str | Branch or Tag that was scanned. | [optional] |
| commit_hash | str | Commit that was scanned. | [optional] |
| api_scan_configuration | int |  | [optional] |
| service | str | A service is a self-contained piece of functionality within a Product. This is an optional field which is used in deduplication and closing of old findings when set. This affects the whole engagement/product depending on your deduplication scope. | [optional] |
| group_by | str | Choose an option to automatically group new findings by the chosen option. * `component_name` - Component Name * `component_name+component_version` - Component Name + Version * `file_path` - File path * `finding_title` - Finding Title * `vuln_id_from_tool` - Vulnerability ID from Tool | [optional] |
| create_finding_groups_for_all_findings | bool | If set to false, finding groups will only be created when there is more than one grouped finding | [optional] [default to True] |
| test_id | int |  | [optional] [readonly] |
| engagement_id | int |  | [optional] [readonly] |
| product_id | int | Also referred to as 'Asset' ID. | [optional] [readonly] |
| product_type_id | int | Also referred to as 'Organization' ID. | [optional] [readonly] |
| statistics | ImportStatistics |  | [optional] [readonly] |
| pro | List[object] |  | [optional] [readonly] |
| apply_tags_to_findings | bool | If set to True, the tags will be applied to the findings | [optional] |
| apply_tags_to_endpoints | bool | If set to True, the tags will be applied to the locations | [optional] |
| do_not_reactivate | bool | Select if the import should ignore active findings from the report, useful for triage-less scanners. Will keep existing findings closed, without reactivating them. For more information check the docs. | [optional] [default to False] |
| scan_type | str | * `Acunetix Scan` - Acunetix Scanner * `Anchore Engine Scan` - Anchore Engine Scan * `Anchore Enterprise Policy Check` - Anchore Enterprise Policy Check * `Anchore Grype` - Anchore Grype * `Anchore Grype detailed` - Anchore Grype detailed * `AnchoreCTL Policies Report` - AnchoreCTL Policies Report * `AnchoreCTL Vuln Report` - AnchoreCTL Vuln Report * `AppCheck Web Application Scanner` - AppCheck Web Application Scanner * `AppSpider Scan` - AppSpider Scan * `Aqua Scan` - Aqua Scan * `Arachni Scan` - Arachni Scan * `AuditJS Scan` - AuditJS Scan * `AWS Inspector2 Scan` - AWS Inspector2 Scan * `AWS Prowler Scan` - AWS Prowler Scan * `AWS Prowler V3` - AWS Prowler V3 * `AWS Security Finding Format (ASFF) Scan` - AWS Security Finding Format (ASFF) * `AWS Security Hub Scan` - AWS Security Hub Scan * `Azure Security Center Recommendations Scan` - Azure Security Center Recommendations Scan * `Bandit Scan` - Bandit Scan * `Bearer CLI` - Bearer CLI * `BlackDuck API` - BlackDuck API * `Blackduck Binary Analysis` - Blackduck Binary Analysis * `Blackduck Component Risk` - Blackduck Component Risk * `Blackduck Hub Scan` - Blackduck Hub Scan * `Brakeman Scan` - Brakeman Scan * `Bugcrowd API Import` - Bugcrowd API Import * `BugCrowd Scan` - BugCrowd Scan * `Bundler-Audit Scan` - Bundler-Audit Scan * `Burp Dastardly Scan` - Burp Dastardly Scan * `Burp Enterprise Scan` - Burp Enterprise Scan (RENAMED to Burp Suite DAST Scan) * `Burp REST API` - Burp REST API * `Burp Scan` - Burp Scan * `Burp GraphQL API` - Burp Suite DAST GraphQL API * `Burp Suite DAST Scan` - Burp Suite DAST Scan * `CargoAudit Scan` - CargoAudit Scan * `Checkmarx CxFlow SAST` - Checkmarx CxFlow SAST * `Checkmarx One Scan` - Checkmarx One Scan * `Checkmarx OSA` - Checkmarx OSA * `Checkmarx Scan` - Checkmarx Scan * `Checkmarx Scan detailed` - Checkmarx Scan detailed * `Checkov Scan` - Checkov Scan * `Chef Inspect Log` - Chef Inspect Log * `Choctaw Hog Scan` - Choctaw Hog Scan * `Clair Scan` - Clair Scan * `Cloudflare Insights` - Cloudflare Insights * `Cloudsploit Scan` - Cloudsploit Scan * `Cobalt.io API Import` - Cobalt.io API Import * `Cobalt.io Scan` - Cobalt.io Scan * `Codechecker Report native` - Codechecker Report native * `Contrast Scan` - Contrast Scan * `Coverity API` - Coverity API * `Coverity Scan JSON Report` - Coverity Scan JSON Report * `Crashtest Security JSON File` - Crashtest Security JSON File * `Crashtest Security XML File` - Crashtest Security XML File * `CredScan Scan` - CredScan Scan * `Crunch42 Scan` - Crunch42 Scan * `Cyberwatch scan (Galeax)` - Cyberwatch scan (Galeax) * `CycloneDX Scan` - CycloneDX Scan * `Cycognito Scan` - Cycognito Scan * `DawnScanner Scan` - DawnScanner Scan * `Deepfence Threatmapper Report` - Deepfence Threatmapper Report * `Dependency Check Scan` - Dependency Check Scan * `Dependency Track Finding Packaging Format (FPF) Export` - Dependency Track Finding Packaging Format (FPF) Export * `Detect-secrets Scan` - Detect-secrets Scan * `docker-bench-security Scan` - docker-bench-security Scan * `Dockle Scan` - Dockle Scan * `DrHeader JSON Importer` - DrHeader JSON Importer * `DSOP Scan` - DSOP Scan * `Duroc Hog Scan` - Duroc Hog Scan * `Edgescan Scan` - Edgescan Scan * `ESLint Scan` - ESLint Scan * `Essex Hog Scan` - Essex Hog Scan * `Fortify Scan` - Fortify Scan * `Generic Findings Import` - Generic Findings Import * `Ggshield Scan` - Ggshield Scan * `Github SAST Scan` - Github SAST Scan * `Github Secrets Detection Report Scan` - Github Secrets Detection Report Scan * `Github Vulnerability Scan` - Github Vulnerability Scan * `GitLab API Fuzzing Report Scan` - GitLab API Fuzzing Report Scan * `GitLab Container Scan` - GitLab Container Scan Scan * `GitLab DAST Report` - GitLab DAST Report * `GitLab Dependency Scanning Report` - GitLab Dependency Scanning Report * `GitLab SAST Report` - GitLab SAST Report * `GitLab Secret Detection Report` - GitLab Secret Detection Report * `Gitleaks Scan` - Gitleaks Scan * `Google Cloud Artifact Vulnerability Scan` - Google Cloud Artifact Vulnerability Scan * `Gosec Scanner` - Gosec Scanner * `Gottingen Hog Scan` - Gottingen Hog Scan * `Govulncheck Scanner` - Govulncheck Scanner * `HackerOne Cases` - HackerOne Cases * `Hadolint Dockerfile check` - Hadolint Dockerfile check * `Harbor Vulnerability Scan` - Harbor Vulnerability Scan * `HCL AppScan on Cloud SAST XML` - HCL AppScan on Cloud SAST XML * `HCLAppScan XML` - HCLAppScan XML * `Horusec Scan` - Horusec Scan * `Humble Json Importer` - Humble Json Importer * `HuskyCI Report` - HuskyCI Report * `Hydra Scan` - Hydra Scan * `IBM AppScan DAST` - IBM AppScan DAST * `Immuniweb Scan` - Immuniweb Scan * `IntSights Report` - IntSights Report * `Invicti Scan` - Invicti Scan * `IriusRisk Threats Scan` - IriusRisk Threats Scan * `JFrog Xray API Summary Artifact Scan` - JFrog Xray API Summary Artifact Scan * `JFrog Xray On Demand Binary Scan` - JFrog Xray On Demand Binary Scan * `JFrog Xray Scan` - JFrog Xray Scan * `JFrog Xray Unified Scan` - JFrog Xray Unified Scan * `KICS Scan` - KICS Scan * `Kiuwan SCA Scan` - Kiuwan SCA Scan * `Kiuwan Scan` - Kiuwan Scan * `KrakenD Audit Scan` - KrakenD Audit Scan * `kube-bench Scan` - kube-bench Scan * `Kubeaudit Scan` - Kubeaudit Scan * `KubeHunter Scan` - KubeHunter Scan * `Kubescape JSON Importer` - Kubescape JSON Importer * `Legitify Scan` - Legitify Scan * `Mayhem SARIF Report` - Mayhem SARIF Report * `Mend Scan` - Mend Scan * `Meterian Scan` - Meterian Scan * `Microfocus Webinspect Scan` - Microfocus Webinspect Scan * `MobSF Scan` - MobSF Scan * `Mobsfscan Scan` - MobSF Scan * `MobSF Scorecard Scan` - MobSF Scorecard Scan * `Mozilla Observatory Scan` - Mozilla Observatory Scan * `MSDefender Parser` - MSDefender Parser * `n0s1 Scanner` - n0s1 Scanner * `Nancy Scan` - Nancy Scan * `Netsparker Scan` - Netsparker Scan * `NeuVector (compliance)` - NeuVector (compliance) * `NeuVector (REST)` - NeuVector (REST) * `Nexpose Scan` - Nexpose Scan * `Nikto Scan` - Nikto Scan * `Nmap Scan` - Nmap Scan * `Node Security Platform Scan` - Node Security Platform Scan * `Nosey Parker Scan` - Nosey Parker Scan * `NPM Audit Scan` - NPM Audit Scan * `NPM Audit v7+ Scan` - NPM Audit v7+ Scan * `Nuclei Scan` - Nuclei Scan * `OpenReports` - OpenReports * `Openscap Vulnerability Scan` - Openscap Vulnerability Scan * `OpenVAS Parser` - OpenVAS Parser * `OpenVAS Parser v2` - OpenVAS Parser v2 * `Orca Security Alerts` - Orca Security Alerts * `ORT evaluated model Importer` - ORT evaluated model Importer * `OssIndex Devaudit SCA Scan Importer` - OssIndex Devaudit SCA Scan Importer * `OSV Scan` - OSV Scan * `Outpost24 Scan` - Outpost24 Scan * `PHP Security Audit v2` - PHP Security Audit v2 * `PHP Symfony Security Check` - PHP Symfony Security Check * `PingCastle` - PingCastle * `pip-audit Scan` - pip-audit Scan * `PMD Scan` - PMD Scan * `Popeye Scan` - Popeye Scan * `Progpilot Scan` - Progpilot Scan * `Prowler Scan` - Prowler Scan * `PTART Report` - PTART Report * `PWN SAST` - PWN SAST * `Qualys Hacker Guardian Scan` - Qualys Hacker Guardian Scan * `Qualys Infrastructure Scan (WebGUI XML)` - Qualys Infrastructure Scan (WebGUI XML) * `Qualys Scan` - Qualys Scan * `Qualys Webapp Scan` - Qualys Webapp Scan * `Rapplex Scan` - Rapplex Scan * `Red Hat Satellite` - Red Hat Satellite * `Retire.js Scan` - Retire.js Scan * `ReversingLabs Spectra Assure` - ReversingLabs Spectra Assure * `Risk Recon API Importer` - Risk Recon API Importer * `Rubocop Scan` - Rubocop Scan * `Rusty Hog Scan` - Rusty Hog Scan * `SARIF` - SARIF * `Scantist Scan` - Scantist Scan * `Scout Suite Scan` - Scout Suite Scan * `Semgrep JSON Report` - Semgrep JSON Report * `Semgrep Pro JSON Report` - Semgrep Pro JSON Report * `SKF Scan` - SKF Scan * `Snyk Code Scan` - Snyk Code Scan * `Snyk Issue API Scan` - Snyk Issue API Scan * `Snyk Scan` - Snyk Scan * `Solar Appscreener Scan` - Solar Appscreener Scan Detailed_Results.csv * `SonarQube API Import` - SonarQube API Import * `SonarQube Scan` - SonarQube Scan * `SonarQube Scan detailed` - SonarQube Scan detailed * `Sonatype Application Scan` - Sonatype Application Scan * `SpotBugs Scan` - SpotBugs Scan * `SSH Audit Importer` - SSH Audit Importer * `SSL Labs Scan` - SSL Labs Scan * `Sslscan` - Sslscan * `Sslyze Scan` - Sslyze Scan * `SSLyze Scan (JSON)` - SSLyze Scan (JSON) * `StackHawk HawkScan` - StackHawk HawkScan * `Sysdig CLI Report` - Sysdig CLI Report Scan * `Sysdig Vulnerability Report` - Sysdig Vulnerability Report Scan * `Talisman Scan` - Talisman Scan * `Tenable Scan` - Tenable Scan * `Terrascan Scan` - Terrascan Scan * `Testssl Scan` - Testssl Scan * `TFSec Scan` - TFSec Scan * `Threagile risks report` - Threagile risks report * `ThreatComposer Scan` - ThreatComposer Scan * `Trivy Operator Scan` - Trivy Operator Scan * `Trivy Scan` - Trivy Scan * `Trufflehog Scan` - Trufflehog Scan * `Trufflehog3 Scan` - Trufflehog3 Scan * `Trustwave Fusion API Scan` - Trustwave Fusion API Scan * `Trustwave Scan (CSV)` - Trustwave Scan (CSV) * `Twistlock Image Scan` - Twistlock Image Scan * `VCG Scan` - VCG Scan * `Veracode Scan` - Veracode Scan * `Veracode SourceClear Scan` - Veracode SourceClear Scan * `Vulners` - Vulners * `Wapiti Scan` - Wapiti Scan * `Wazuh` - Wazuh * `WFuzz JSON report` - WFuzz JSON report * `Whispers Scan` - Whispers Scan * `WhiteHat Sentinel` - WhiteHat Sentinel * `Wiz Scan` - Wiz Scan * `Wizcli Dir Scan` - Wizcli Dir Scan * `Wizcli IaC Scan` - Wizcli IaC Scan * `Wizcli Img Scan` - Wizcli Img Scan * `Wpscan` - Wpscan * `Xanitizer Scan` - Xanitizer Scan * `Xeol Parser` - Xeol Parser * `Yarn Audit Scan` - Yarn Audit Scan * `ZAP Scan` - ZAP Scan * `Zora Parser` - Zora Parser | [optional] |
| test | int |  | [optional] |
| close_old_findings | bool | Old findings no longer present in the new report get closed as mitigated when importing. If service has been set, only the findings for this service will be closed; if no service is set, only findings without a service will be closed. This only affects findings within the same test. | [optional] [default to True] |
| close_old_findings_product_scope | bool | This has no effect on reimport | [optional] [default to False] |
| version | str | Version that will be set on existing Test object. Leave empty to leave existing value in place. | [optional] |
| tags | List[str] | Modify existing tags that help describe this scan. (Existing test tags will be overwritten) | [optional] |