Netsparker / Invicti integration
Two templates cover Invicti: the XML report and the JSON export. Findings arrive with full request/response evidence, CWE and OWASP 2017 classification, and CVSS vector/score.
Scan types imported
- Proof-based web application DAST
File import
Upload the Invicti XML report (one vulnerability element per finding) or the JSON export.
What Centraleyezer expects in the file
- XML per vulnerability: title, description, remedy, severity (Important/Medium/Low/Information), raw request/response, CWE, OWASP 2017 category, CVSS vector and score.
- JSON: name, description, impact-based recommendation, severity and HTTP request/response content per vulnerability.
- Web assets are matched by the target URL.
How imported findings are risk-scored
Every Netsparker / Invicti finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.