Bulk upload of manual findings

[Kristopher Curylo]

I am looking to manage application vulnerabilities from results provided by vendors. I can manually create each finding through the GUI but looking for the proper format of a csv or xls file that can be uploaded for bulk creation of these findings. There appears to be a "Manual" scanner plugin for importing this type of file. Is there a description of the layout for that file?

I understand these findings will need to be managed manually after created but just want to create the manual findings in bulk from a spreadsheet upload.

The only thing I have seen with any description is related to the REST api but wanted to keep it even simpler by leveraging the built-in upload functionality.

Is this possible?

Thank you,

Kris

[Bob Rich]

The manual importer is linked to code that appears to parse the SSVL format:

https://github.com/OWASP/SSVL

I just did a quick test with the example from that git and it seems to work fine.  Assuming you can generate that format, you should be good to go.