Supported tools

The following tools are currently supported by Canopy:

ToolVersions supportedSourceNotes
Nessus6.0-6.10https://tenable.comThe .nessus format is supported. Canopy supports both the vulnerability results and also the compliance audit results from Nessus.
Qualys Vulnerability Scannerscan-1.dtdhttps://qualys.comWe track the scan-1.dtd specification and support importing the XML output.
nmapv6.x, v7.xhttps://nmap.orgXML results file supported. Port scan data is stored separately to vulnerability and NSE data (stored as findings).
Burpsuite Pro (scanner)v1.6, v1.7https://portswigger.netThe XML report file is currently supported. The HTML report will be supported soon.
Netsparker4.xhttps://netsparker.comXML results file supported.
SSLScan1.11.8 and current results file supported. The vulnerability extensions are also supported
Nikto2v2 results file supported.
Fortify16 <= 16.11

XML results file supported.

  • Legacy Report
  • Template: Developer Workbook
  • Report format: XML
SecureAssistLatest results file supported.
OpenVASv6, v7, v8https://openvas.orgXML results file supported.
NexposeCommunity Edition support for the Nexpose community edition XML results.
AcunetixLatesthttps://acunetix.comXML results file supported
Surecheck (deprecated)Not Supported this tool is no longer supported by the vendor.

The following tools are on the short term roadmap for support:

  • AppScan
  • Nipper
  • Metasploit

If you have a specific need for a tool, please open a ticket via or you may also consider writing your own importer. For further information, see Extending Canopy.