1. Home
  2. Phoenix REST API
  3. Importing with REST API

Importing with REST API

Users can import scanner vulnerability reports files from a wide variety of tools (see list below). The report import API described below can be used to import those reports through a process of translation into Phoenix internal format.

The API domain for Production is https://api.securityphoenix.cloud (not included in the paths below). If you are using a different environment to Production please contact your Phoenix team for the corrent API domain.

Import Scan Report Files

The API URL for report file import is:

POST /v1/import/assets/file/translate

This is an asynchronous request: this request uploads and enqueues that report for processing; the actual import takes place asynchronously in the background.

This request uses a multi-part form request to send the parameters and the report file to the API, hence the following header is required:

  • Content-Type: multipart/form-data


  • file: Required. The actual contents of the report file (multi-part form format)
  • scanType: Required. The name of the scan type of the report – see the list of supported formats below.
  • assessmentName: Required. The name of the assessment that this report is associated with. It provides context to successive imports of reports covering the same scope (assets).
  • importType: Required. The type of import in the context of the assessment (“new” or “merge”)
  • scanTarget: Optional. A string with the name/path of the target that was scanner in the report
  • autoImport: Optional. Defaults to true. Indicates that the import should take place automatically after report pre-processing, if there are no errors. Only change if you want to separate the processing and import steps.


  "id": "uuid",
  "organizationId": "uuid",
  "requestDetails": {
    "importType": "new" | "merge",
    "scanType": "string",
    "assessmentName": "string",
    "scanTarget": "string",
    "autoImport": true
  "status": "string",
  "createdAt": "date-time",
  "importedAt": "date-time",
  "error": "string"


  • id: The UUID identifying the import request. It can be used to check status of the import.
  • organizationId: The organisation ID where the import is taking place.
  • requestDetails: The same details that were passed as parameters in the request.
  • status: The status of the request (TRANSLATING, READY_FOR_IMPORT, IMPORTED, ERROR), see below.
  • createdAt: Date-time of the creation of the import request.
  • importedAt: Timestamp of the actual import of the report, after pro-processing.
  • error: Description of any errors that might have taken place during processing and import.

Import Request Status

The reponse of the import request can contain one of the following status values:

  • TRANSLATING: This means that the request has been saved in the platform and is waiting for or in the process of being parsed and translated into Phoenix’s internal format.
  • READY_FOR_IMPORT: The pre-processing has completed successfully and the report can be imported. This is only relevant in autoImport is set to false in the request; otherwise the report is imported automatically after pre-processing (the default).
  • IMPORTED: The pre-processing and import steps have completed successfully.
  • ERROR: There was an error during the processing or import of the report. The error field would include additional details.

Check Import Status

Depending on the size of the report, the upload, pre-processing and import of the report can take some time. That’s why import requests through this API are asychronous. Once a request is made, you can check the status of the import using the following API endpoint.

GET /v1/import/assets/file/translate/<request-id>

where the <request-id> is the “id” field received in thre response to the import request (see above).


  "id": "uuid",
  "organizationId": "uuid",
  "requestDetails": {
    "importType": "new" | "merge",
    "scanType": "string",
    "assessmentName": "string",
    "scanTarget": "string",
    "autoImport": true
  "status": "string",
  "createdAt": "date-time",
  "importedAt": "date-time",
  "error": "string"

These values have the same meaning as for the response to the import request above. Once the whole process is completed (in the background) the status field’s value would be “IMPORTED” and the importedAt field would contain the import timestamp.

Valid Report Types

The list below covers all the report types that can be imported the Phoenix API. The name of the report as shown below (literally, the whole string, including parenthesys) is the value to be passed in the scanType parameter described above.

  • Acunetix Scan
  • Acunetix360 Scan
  • Anchore Engine Scan
  • Anchore Enterprise Policy Check
  • Anchore Grype
  • AnchoreCTL Policies Report
  • AnchoreCTL Vuln Report
  • AppSpider Scan
  • Aqua Scan
  • Arachni Scan
  • AuditJS Scan
  • AWS Prowler Scan
  • AWS Prowler V3
  • AWS Scout2 Scan
  • AWS Security Finding Format (ASFF) Scan
  • AWS Security Hub Scan
  • Azure Security Center Recommendations Scan
  • Bandit Scan
  • Blackduck Component Risk
  • Blackduck Hub Scan
  • Brakeman Scan
  • BugCrowd Scan
  • Bundler-Audit Scan
  • Burp Enterprise Scan
  • Burp GraphQL API
  • Burp REST API
  • Burp Scan
  • CargoAudit Scan
  • Checkmarx OSA
  • Checkmarx Scan
  • Checkmarx Scan detailed
  • Checkov Scan
  • Clair Klar Scan
  • Clair Scan
  • Cloudsploit Scan
  • Cobalt.io Scan
  • Codechecker Report native
  • Contrast Scan
  • Coverity API
  • Crashtest Security JSON File
  • Crashtest Security XML File
  • CredScan Scan
  • CycloneDX Scan
  • DawnScanner Scan
  • Dependency Check Scan
  • Dependency Track Finding Packaging Format (FPF) Export
  • Detect-secrets Scan
  • docker-bench-security Scan
  • Dockle Scan
  • DrHeader JSON Importer
  • DSOP Scan
  • Edgescan Scan
  • ESLint Scan
  • Fortify Scan
  • Generic Findings Import
  • Ggshield Scan
  • Github Vulnerability Scan
  • GitLab API Fuzzing Report Scan
  • GitLab Container Scan
  • GitLab DAST Report
  • GitLab Dependency Scanning Report
  • GitLab SAST Report
  • GitLab Secret Detection Report
  • Gitleaks Scan
  • Gosec Scanner
  • Govulncheck Scanner
  • HackerOne Cases
  • Hadolint Dockerfile check
  • Harbor Vulnerability Scan
  • Horusec Scan
  • HuskyCI Report
  • Hydra Scan
  • IBM AppScan DAST
  • Immuniweb Scan
  • IntSights Report
  • JFrog Xray API Summary Artifact Scan
  • JFrog Xray Scan
  • JFrog Xray Unified Scan
  • KICS Scan
  • Kiuwan Scan
  • kube-bench Scan
  • Meterian Scan
  • Microfocus Webinspect Scan
  • MobSF Scan
  • Mobsfscan Scan
  • Mozilla Observatory Scan
  • Netsparker Scan
  • NeuVector (compliance)
  • NeuVector (REST)
  • Nexpose Scan
  • Nikto Scan
  • Nmap Scan
  • Node Security Platform Scan
  • NPM Audit Scan
  • Nuclei Scan
  • Openscap Vulnerability Scan
  • OpenVAS CSV
  • ORT evaluated model Importer
  • OssIndex Devaudit SCA Scan Importer
  • Outpost24 Scan
  • PHP Security Audit v2
  • PHP Symfony Security Check
  • pip-audit Scan
  • PMD Scan
  • Popeye Scan
  • Qualys Infrastructure Scan (WebGUI XML)
  • Qualys Scan
  • Qualys Webapp Scan
  • Retire.js Scan
  • Risk Recon API Importer
  • Rubocop Scan
  • Rusty Hog Scan
  • Scantist Scan
  • Scout Suite Scan
  • Semgrep JSON Report
  • SKF Scan
  • Snyk Scan
  • Solar Appscreener Scan
  • SonarQube API Import
  • SonarQube Scan
  • SonarQube Scan detailed
  • Sonatype Application Scan
  • SpotBugs Scan
  • SSL Labs Scan
  • Sslscan
  • Sslyze Scan
  • SSLyze Scan (JSON)
  • StackHawk HawkScan
  • Talisman Scan
  • Tenable Scan
  • Terrascan Scan
  • Testssl Scan
  • TFSec Scan
  • Trivy Operator Scan
  • Trivy Scan
  • Trufflehog Scan
  • Trufflehog3 Scan
  • Trustwave Fusion API Scan
  • Trustwave Scan (CSV)
  • Twistlock Image Scan
  • VCG Scan
  • Veracode Scan
  • Veracode SourceClear Scan
  • Vulners
  • Wapiti Scan
  • Wazuh
  • WFuzz JSON report
  • Whispers Scan
  • WhiteHat Sentinel
  • Whitesource Scan
  • Wpscan
  • Xanitizer Scan
  • Yarn Audit Scan
  • ZAP Scan
Updated on November 7, 2023

Related Articles

x  Powerful Protection for WordPress, from Shield Security
This Site Is Protected By
Shield Security