Integrate Rapid7 Nexpose with Vulnetix. Export scan results as XML 2.0 via the Nexpose API or console for vulnerability management.
How Vulnetix compares — better together
Vulnetix does not replace Nexpose. Keep running it. Vulnetix sits on top of Nexpose — and every other scanner you already own — turning disconnected tool outputs into one prioritised, fixable queue.
Nexpose is strongest at its core category and also carries features in Container & Image Scanning, IaC & Cloud Configuration, Cloud Security & CSPM — just like Vulnetix spans categories.
| Capability | Vulnetix | Nexpose |
|---|---|---|
| Security coverage | ||
| SAST (static code analysis) | ✓ Built-in rules + Semgrep augmentation | ✗ |
| SCA / dependencies | ✓ 40+ ecosystems, transitive graph | ✗ |
| DAST (dynamic testing) | ~ Ingests DAST results; no native dynamic engine | ✗ |
| Container & image | ✓ Image CVEs, base image, Dockerfile | ~ Had a CI/CD container image scanner but Rapid7 EOL'd InsightVM Container Security after Mar 5, 2025; moved to Cloud Security/Exposure Command |
| IaC / misconfiguration | ✓ Terraform, k8s, CloudFormation | ~ Policy Manager runs CIS benchmark / configuration-compliance checks on live hosts, not IaC template scanning |
| Secret scanning | ✓ 1,000+ rules, source + binary + git history | ✗ |
| Cloud / CSPM | ✓ Cloud-posture findings, compliance tab | ~ Cloud/remote asset assessment in InsightVM; deep CSPM is in InsightCloudSec, not Nexpose core |
| Mobile (MAST) | ~ Ingests mobile scanner output; no native mobile engine | ✗ |
| License compliance | ✓ SPDX, copyleft/AGPL/SSPL policy | ✗ |
| SBOM generation | ✓ CycloneDX 1.7 + SPDX 2.3, cosign-signable | ✗ |
| Malware / supply-chain | ✓ De-duplicated corpus + install-time firewall (25+ registries) | ✗ |
| Network / infra vuln | ~ Ingests network scanner output; no native network scanner | ✓ Core: authenticated host/network scanning identifies CVEs, open ports and vulnerable services (docs.rapid7.com/nexpose) |
| Fuzzing | ✗ Ingests fuzzing crashes; no native fuzzer | ✗ |
| Pentest / bug bounty | ✗ Ingests pentest/bug-bounty findings; not a testing service | ✗ |
| The Vulnetix orchestration layer | ||
| Cross-scanner dedup & one queue (ASPM) | ✓ Correlates every scanner into one prioritised queue with ownership routing | ✗ |
| Exploit-intel prioritisation | ✓ EPSS, CISA KEV, Coalition ESS, CWSS, Vulnetix LEV | ~ Active Risk / RealRisk scoring blends threat intel and (in InsightVM) EPSS to rank exploit likelihood |
| Reachability analysis | ✓ Tree-sitter + CVEAffected; direct/transitive/semantic | ✗ |
| Versioned VEX + audit trail | ✓ Immutable OpenVEX/CycloneDX, cosign-signable | ✗ |
| Safe Harbour autofix | ✓ Resolves + applies the nearest safe version | ✗ |
| End-of-life policy | ✓ Flags/blocks past-EOL runtimes & packages | ✗ |
| SSVC / risk-based policy | ✓ SSVC v2 + CISA/FedRAMP/Essential-8 presets | ✗ |
✓ full · ~ partial · ✗ not covered
What Nexpose does well
- Deep authenticated/credentialed network scanning of hosts for CVEs, open ports, running services and applications, with an on-prem scan engine that runs in air-gapped environments
- RealRisk / Active Risk scoring enriched with real-world threat intelligence to prioritize what is most likely to be exploited
- Policy Manager with CIS benchmark and configuration-compliance checks via built-in scan templates
- Mature, well-documented REST API (/api/3/) and XML 2.0 export for integration and reporting
Where Vulnetix adds to it: Vulnetix ingests Nexpose XML 2.0 / API 3 output and folds its host and network CVE findings into the single prioritised, deduplicated queue, then layers EPSS/KEV/ESS exploit-intel, reachability, versioned VEX and SSVC on top. Vulnetix does not run network scans itself, so Nexpose remains the authenticated-scan engine and Vulnetix is the ASPM orchestration layer above it.
No migration, no rip-and-replace. Nexpose keeps doing what it does best; Vulnetix adds the orchestration, exploit-intelligence prioritisation and remediation layer built for the way AppSec works today.
Centralise Nexpose results in Vulnetix
Upload Nexpose XML output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.