# DAST Report Import

## How to import a report

1. **Download** and configure the CLI Scanner. See [these guidelines](https://docs.xygeni.io/xygeni-scanner-cli/xygeni-cli-overview/xygeni-cli-installation).
2. Use the xygeni **report upload command**:

```
xygeni report-upload -n=<Name> --report="path/to/report_file" -f=<format> [--branch="branch"]
```

{% hint style="info" %}
If the --branch parameter is not set, the branch will be marked as "Unknown".
{% endhint %}

3. Go to the [**Xygeni dashboard**](https://in.xygeni.io) to see the results.

## Supported formats

Xygeni ASPM supports the following formats for DAST reports:

| Format            | Tool      | Description                              |
| ----------------- | --------- | ---------------------------------------- |
| dast-acunetix-360 | Acunetix  | Acunetix 360 DAST report, in JSON format |
| dast-acunetix-xml | Acunetix  | Acunetix DAST report, in XML format      |
| dast-zap          | OWASP ZAP | ZAP DAST report, in XML or JSON format   |
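
A CI wrapper for the upload command above, added here as an example (it is not Xygeni's own code): it rejects formats outside the table, refuses a missing or empty report, and always passes `--branch` so the findings are not filed under "Unknown". The function names and the `DRY_RUN` variable are assumptions of this example; only the `report-upload` flags shown on this page are used.

```shell
#!/usr/bin/env bash
# Added example: CI wrapper around `xygeni report-upload`.
# Uses only the flags shown on this page: -n, --report, -f, --branch.

# Format identifiers from the "Supported formats" table.
SUPPORTED_FORMATS="dast-acunetix-360 dast-acunetix-xml dast-zap"

is_supported_format() {
  local f
  for f in $SUPPORTED_FORMATS; do
    [ "$f" = "$1" ] && return 0
  done
  return 1
}

# Print the branch to tag the upload with: explicit argument first, then git.
# Fails rather than letting the upload fall back to "Unknown".
resolve_branch() {
  local branch="${1:-}"
  if [ -z "$branch" ]; then
    branch="$(git rev-parse --abbrev-ref HEAD 2>/dev/null || true)"
  fi
  # A detached HEAD (common in CI checkouts) reports "HEAD", not a branch name.
  if [ -z "$branch" ] || [ "$branch" = "HEAD" ]; then
    return 1
  fi
  printf '%s\n' "$branch"
}

# upload_dast_report <project-name> <report-file> <format> [branch]
# With DRY_RUN=1 (hypothetical variable) the command is printed, not executed.
upload_dast_report() {
  local name="$1" report="$2" format="$3" branch
  is_supported_format "$format" || { echo "unsupported format: $format" >&2; return 2; }
  [ -s "$report" ] || { echo "report missing or empty: $report" >&2; return 3; }
  branch="$(resolve_branch "${4:-}")" || { echo "no branch; pass one explicitly" >&2; return 4; }
  set -- xygeni report-upload -n="$name" --report="$report" -f="$format" --branch="$branch"
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Usage (constructed names): upload_dast_report my-app zap-report.json dast-zap main
```

Running it once with `DRY_RUN=1` in the pipeline shows the exact command and branch that will be sent before any report is uploaded.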

## Dashboard Results

If the entered name matches an existing project, the vulnerabilities in the report will be added to that project in a new tab called DAST. If, however, the project does not exist, a new project will be created with the vulnerabilities in the report.

{% hint style="info" %}
If you are ingesting a report into an existing project and the vulnerabilities do not appear, check the branch of the project. If you did not set the --branch parameter when executing the command, Xygeni could have marked the branch as "Unknown".
{% endhint %}

### Xygeni DAST Prioritization Funnel

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FnyBCCoV846s1a2FP84Bp%2Fimage.png?alt=media&#x26;token=934b8117-6411-455c-b1f4-533318face75" alt="" width="563"><figcaption></figcaption></figure>

The **DAST Prioritization Funnel** progressively organizes all dynamically detected security findings by applying risk-based filters that reduce the total volume of vulnerabilities down to the most critical ones. Its purpose is to remove noise, focus on externally exploitable risks, and help security teams prioritize remediation efforts, saving hours of time.

* **All Issues**: Contains the full set of vulnerabilities detected by DAST with no filtering applied, representing the 100% baseline.
* **Exposed**: Keeps only the assets that are publicly reachable from the Internet.
* **Unauthenticated**: Focuses on vulnerabilities that can be exploited without credentials.
* **Business Value**: Prioritizes issues affecting critical business workflows.

### Example of DAST vulnerability Slider

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FYeuu7Q0YKexbdTvadIdU%2Fimage.png?alt=media&#x26;token=1dfbd0e1-b270-4021-9368-22c73dd04417" alt=""><figcaption></figcaption></figure>
