DefectDojo, Inc.

DefectDojo can import data from over 160 tools (and counting), so it's easy to set up in a way that supports your organization's security needs.

Here is a list of each tool supported by DefectDojo. Starred (*) tools are also supported with a <a href="https://support.defectdojo.com/en/articles/9072654-introducing-connectors">Connector</a> integration for rapid import.

Azure Security Center Recommendations Scan

- Acunetix Scanner
- Anchore Enterprise Policy Check
- Anchore Grype
- Anchore-Engine
- AnchoreCTL Policies Report
- AnchoreCTL Vuln Report
- AppSpider (Rapid7)
- Aqua
- Arachni Scanner
- AuditJS (OSSIndex)
- AWS Prowler Scanner
- AWS Prowler V3
- AWS Security Finding Format (ASFF)
- AWS Security Hub *
- Azure Security Center Recommendations Scan
- Bandit
- Bearer CLI
- Blackduck Binary Analysis
- Blackduck Component Risk
- Blackduck Hub
- Brakeman Scan
- Bugcrowd
- Bundler-Audit
- Burp Dastardly
- Burp Enterprise Scan *
- Burp GraphQL
- Burp REST API
- Burp XML
- CargoAudit Scan
- Checkmarx
- Checkmarx One Scan *
- Checkov Report
- Chef Inspect Log
- Clair Scan
- Cloudsploit (AquaSecurity)
- Cobalt.io Scan
- Codechecker Report native
- CodeQL
- Contrast Scanner
- Coverity API
- Coverity Scan JSON Report
- Crashtest Security
- CredScan Report
- Crunch42 Scan
- CycloneDX
- DawnScanner
- Deepfence Threatmapper
- Dependency Check
- Dependency Track
- Detect-secrets
- docker-bench-security Scanner
- Dockle Report
- DrHeader
- DSOP Scan
- Edgescan
- ESLint
- Fortify
- Generic Findings Import
- Ggshield
- Github Vulnerability
- GitLab API Fuzzing Report Scan
- GitLab Container Scan
- GitLab DAST Report
- GitLab Dependency Scanning Report
- GitLab SAST Report
- GitLab Secret Detection Report
- Gitleaks
- Google Cloud Artifact Vulnerability Scan
- Gosec Scanner
- Govulncheck
- HackerOne Cases
- Hadolint
- Harbor Vulnerability
- HCL Appscan
- Horusec
- Humble Report
- HuskyCI Report
- Hydra
- IBM AppScan DAST
- Immuniweb Scan
- IntSights Report
- JFrog Xray API Summary Artifact Scan
- JFrog Xray On Demand Binary Scan
- JFrog XRay Unified
- JFrogXRay
- KICS Scanner
- Kiuwan Scanner
- kube-bench Scanner
- Kubeaudit Scan
- kubeHunter Scanner
- Kubescape Scanner
- Mend Scan
- Meterian Scanner
- Microfocus Webinspect Scanner
- MobSF Scanner
- Mobsfscan
- Mozilla Observatory Scanner
- MS Defender Parser
- Nancy Scan
- Netsparker
- NeuVector (compliance)
- NeuVector (REST)
- Nexpose XML 2.0 (Rapid7)
- Nikto
- Nmap
- Node Security Platform
- Nosey Parker
- NPM Audit
- NPM Audit Version 7+
- Nuclei
- Openscap Vulnerability Scan
- OpenVAS Parser
- ORT evaluated model Importer
- OssIndex Devaudit
- OSV Scanner
- Outpost24 Scan
- PHP Security Audit v2
- PHP Symfony Security Checker
- pip-audit Scan
- PMD Scan
- Popeye
- Probely *
- Progpilot
- PWN Security Automation Framework
- Qualys Infrastructure Scan (WebGUI XML)
- Qualys Scan
- Qualys Webapp Scan
- Red Hat Satellite
- Retire.js
- Risk Recon API Importer
- Rubocop Scan
- Rusty Hog parser
- SARIF
- Scantist Scan
- ScoutSuite
- Semgrep JSON Report *
- SKF Scan
- Snyk *
- Snyk Code
- Solar Appscreener Scan
- SonarQube
- Sonatype
- SpotBugs
- SSH Audit
- SSL Labs
- Sslscan
- Sslyze Scan
- StackHawk HawkScan
- Sysdig Vulnerability Reports
- Talisman
- Tenable
- Terrascan
- Testssl Scan
- TFSec
- Threagile
- Trivy
- Trivy Operator
- Trufflehog
- Trufflehog3
- Trustwave
- Trustwave Fusion API Scan
- Twistlock
- Veracode
- Veracode SourceClear
- Visual Code Grepper (VCG)
- Wapiti Scan
- Wazuh Scanner
- Wfuzz JSON importer
- Whispers
- WhiteHat Sentinel
- Wiz Scanner
- Wpscan Scanner
- Xanitizer
- Yarn Audit
- Zed Attack Proxy