Skip to main content
Supported Tool List

See a complete list of security tools supported by DefectDojo

Updated over 5 months ago

DefectDojo can import data from over 160 tools (and counting), so it's easy to set up in a way that supports your organization's security needs.

Here is a list of each tool supported by DefectDojo. Starred (*) tools are also supported with a Connector integration for rapid import.

  • Acunetix Scanner

  • Anchore Enterprise Policy Check

  • Anchore Grype

  • Anchore-Engine

  • AnchoreCTL Policies Report

  • AnchoreCTL Vuln Report

  • AppSpider (Rapid7)

  • Aqua

  • Arachni Scanner

  • AuditJS (OSSIndex)

  • AWS Prowler Scanner

  • AWS Prowler V3

  • AWS Security Finding Format (ASFF)

  • AWS Security Hub *

  • Azure Security Center Recommendations Scan

  • Bandit

  • Bearer CLI

  • Blackduck Binary Analysis

  • Blackduck Component Risk

  • Blackduck Hub

  • Brakeman Scan

  • Bugcrowd

  • Bundler-Audit

  • Burp Dastardly

  • Burp Enterprise Scan *

  • Burp GraphQL

  • Burp REST API

  • Burp XML

  • CargoAudit Scan

  • Checkmarx

  • Checkmarx One Scan *

  • Checkov Report

  • Chef Inspect Log

  • Clair Scan

  • Cloudsploit (AquaSecurity)

  • Cobalt.io Scan

  • Codechecker Report native

  • CodeQL

  • Contrast Scanner

  • Coverity API

  • Coverity Scan JSON Report

  • Crashtest Security

  • CredScan Report

  • Crunch42 Scan

  • CycloneDX

  • DawnScanner

  • Deepfence Threatmapper

  • Dependency Check

  • Dependency Track

  • Detect-secrets

  • docker-bench-security Scanner

  • Dockle Report

  • DrHeader

  • DSOP Scan

  • Edgescan

  • ESLint

  • Fortify

  • Generic Findings Import

  • Ggshield

  • Github Vulnerability

  • GitLab API Fuzzing Report Scan

  • GitLab Container Scan

  • GitLab DAST Report

  • GitLab Dependency Scanning Report

  • GitLab SAST Report

  • GitLab Secret Detection Report

  • Gitleaks

  • Google Cloud Artifact Vulnerability Scan

  • Gosec Scanner

  • Govulncheck

  • HackerOne Cases

  • Hadolint

  • Harbor Vulnerability

  • HCL Appscan

  • Horusec

  • Humble Report

  • HuskyCI Report

  • Hydra

  • IBM AppScan DAST

  • Immuniweb Scan

  • IntSights Report

  • JFrog Xray API Summary Artifact Scan

  • JFrog Xray On Demand Binary Scan

  • JFrog XRay Unified

  • JFrogXRay

  • KICS Scanner

  • Kiuwan Scanner

  • kube-bench Scanner

  • Kubeaudit Scan

  • kubeHunter Scanner

  • Kubescape Scanner

  • Mend Scan

  • Meterian Scanner

  • Microfocus Webinspect Scanner

  • MobSF Scanner

  • Mobsfscan

  • Mozilla Observatory Scanner

  • MS Defender Parser

  • Nancy Scan

  • Netsparker

  • NeuVector (compliance)

  • NeuVector (REST)

  • Nexpose XML 2.0 (Rapid7)

  • Nikto

  • Nmap

  • Node Security Platform

  • Nosey Parker

  • NPM Audit

  • NPM Audit Version 7+

  • Nuclei

  • Openscap Vulnerability Scan

  • OpenVAS Parser

  • ORT evaluated model Importer

  • OssIndex Devaudit

  • OSV Scanner

  • Outpost24 Scan

  • PHP Security Audit v2

  • PHP Symfony Security Checker

  • pip-audit Scan

  • PMD Scan

  • Popeye

  • Probely *

  • Progpilot

  • PWN Security Automation Framework

  • Qualys Infrastructure Scan (WebGUI XML)

  • Qualys Scan

  • Qualys Webapp Scan

  • Red Hat Satellite

  • Retire.js

  • Risk Recon API Importer

  • Rubocop Scan

  • Rusty Hog parser

  • SARIF

  • Scantist Scan

  • ScoutSuite

  • Semgrep JSON Report *

  • SKF Scan

  • Snyk *

  • Snyk Code

  • Solar Appscreener Scan

  • SonarQube

  • Sonatype

  • SpotBugs

  • SSH Audit

  • SSL Labs

  • Sslscan

  • Sslyze Scan

  • StackHawk HawkScan

  • Sysdig Vulnerability Reports

  • Talisman

  • Tenable

  • Terrascan

  • Testssl Scan

  • TFSec

  • Threagile

  • Trivy

  • Trivy Operator

  • Trufflehog

  • Trufflehog3

  • Trustwave

  • Trustwave Fusion API Scan

  • Twistlock

  • Veracode

  • Veracode SourceClear

  • Visual Code Grepper (VCG)

  • Wapiti Scan

  • Wazuh Scanner

  • Wfuzz JSON importer

  • Whispers

  • WhiteHat Sentinel

  • Wiz Scanner

  • Wpscan Scanner

  • Xanitizer

  • Yarn Audit

  • Zed Attack Proxy

Did this answer your question?