Reports & Compliance

The Static Analysis Results Interchange Format is the industry standard for security tooling. Upload SARIF reports directly to the GitHub Security tab to surface vulnerabilities alongside your code. Every finding maps to a CWE, includes severity, confidence, and remediation guidance so your developers can fix issues without leaving their pull request workflow.

• Native GitHub Security tab integration
• CWE-mapped findings with severity levels
• Machine-readable for tool chaining

Export raw findings data to CSV for custom analysis in Excel, Google Sheets, or any data tool. Filter by severity, group by scanner, calculate remediation time, or build executive dashboards. CSV exports include every field: finding ID, title, severity, scanner, URL, evidence, recommendation, and status.

• Open in Excel or Google Sheets
• Pivot tables for executive dashboards
• Full field set for custom analysis

Generate branded, print-ready PDF reports that you can share with stakeholders, compliance auditors, and management. Each report includes an executive summary with your risk score and grade, a detailed findings table with severity breakdown, scanner-by-scanner results, and actionable remediation steps. PDFs are designed to communicate security posture clearly to both technical and non-technical audiences.

• Executive summary with risk score
• Detailed findings and remediation steps
• Shareable with non-technical stakeholders

The JSON export provides the complete scan response in a structured, machine-parseable format. Use it to build custom dashboards, feed data into SIEM systems, or create quality gates in your CI/CD pipelines. JSON reports include metadata, scan configuration, all findings with evidence, and the aggregate risk score.

• Complete scan data in structured format
• Ideal for CI/CD quality gates
• Feed into SIEM or custom dashboards

A newly discovered finding that requires attention. Open findings contribute to your risk score and remain visible in all reports until they are triaged.

Your team has reviewed the finding and confirmed it is a genuine issue. Acknowledging a finding signals that remediation work is planned or in progress.

The vulnerability has been remediated. Run a verification scan (1 credit) to confirm the fix. Once verified, the finding is excluded from your active risk score.

Your team has deliberately accepted the risk after evaluation. The finding is documented for audit purposes but no longer inflates your active risk score.