All integrations
DAST

Burp Suite integration

Three routes cover PortSwigger Burp Suite: upload the classic Burp XML issue export, upload the Burp REST API JSON, or connect Burp Suite Enterprise directly — Centraleyezer pulls the latest completed scan of each site and imports the issues with base64-decoded request/response evidence. Centraleyezer can also launch Burp scans against your web assets with application logins supplied from the project.

Scan types imported

  • Web application DAST issues
  • Full request/response evidence

File import

XMLJSON (Burp REST API)

Upload the Burp Suite XML export (one issue element per finding) or the JSON produced by the Burp REST API.

What Centraleyezer expects in the file

  • XML per issue: host, issue name, issueDetail (description), remediationBackground, raw request and response, severity (High/Medium/Low/Info).
  • JSON: issue_events with the issue’s name, description, severity, path, origin and evidence.
  • Web application assets are matched by host / origin URL.

API connection

For Burp Suite Enterprise, enter the Enterprise host and an API key. The Test button lists your sites and their in-scope URLs; each web asset is mapped to a site start URL, and every import pulls the issues of the most recent completed scan for that site.

Configuration

Hostname
Burp Suite Enterprise host (hostname:port form; default port 443).
API Key
A Burp Suite Enterprise API key — no username needed.
Remote Identifier
The site start URL to import — populated by the Test button from the Enterprise site tree.
Proxy (optional)
HTTP proxy host:port plus optional proxy credentials.

Where to get the credentials

Create an API key in Burp Suite Enterprise (Team → API keys, requires an administrator). The key must be allowed to read the target sites and scans.

What gets imported on every run

  • All issues of the latest completed scan per site: issue type, severity, description and remediation background.
  • Full HTTP request/response evidence, base64-decoded and stored on the finding.
  • Port and protocol derived from the issue origin URL; issues are filtered per asset when a site has multiple scoped URLs.
  • TLS/SSL issues additionally feed the certificate inventory.

How imported findings are risk-scored

Every Burp Suite finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.

See the Burp Suite integration live

Book a demo and we’ll connect your Burp Suite data and walk through risk-based prioritisation on your own findings.

Burp Suite Integration — Setup & Imported Scan Types