Creating Findings
How to create vulnerability findings in Vulnsy, either as reusable library templates or directly within a report.
You can create findings in two places: from the Findings page (to add to your library) or directly inside a Report.
Creating a Library Finding
- Navigate to the Findings page from the sidebar
- Click Add Finding
- Fill in the finding details (see fields below)
- Click Save to add it to your organization's finding library
Creating a Finding Inside a Report
- Open a report and navigate to its findings section
- Click Add Finding
- Choose to create a new finding from scratch or import one from your library
- Fill in or customize the details for this specific engagement
Findings created directly in a report are not automatically added to your library. Save them to the library explicitly if you want to reuse them later.
Finding Fields
| Field | Required | Description |
|---|---|---|
| Title | Yes | A clear, concise name for the vulnerability |
| Severity | Yes | Critical, High, Medium, Low, or Informational |
| Category | Yes | The assessment type (see below) |
| Description | Yes | Detailed writeup of the vulnerability. Supports rich text editing via the TipTap editor — use bold, code blocks, lists, and links |
| Impact | Yes | Explanation of what an attacker could achieve |
| Remediation | Yes | Steps the client should take to fix the issue |
| References | No | URLs to CVEs, OWASP, vendor advisories, or other external resources |
| Evidence | No | Screenshots and images proving the vulnerability. See Evidence |
Categories
Each finding must be assigned a category that matches the type of assessment:
| Category | Use For |
|---|---|
| web_app | Web application vulnerabilities |
| infrastructure | Network and infrastructure issues |
| mobile | Mobile application security findings |
| cloud | Cloud configuration and architecture issues |
| api | API security vulnerabilities |
| iot | IoT and embedded device findings |
Rich Text Editor
The description, impact, and remediation fields use the TipTap rich text editor. You can:
- Format text with bold, italic, and inline code
- Add code blocks with syntax highlighting
- Create ordered and unordered lists
- Insert links and tables
- Paste content directly from other tools
When pasting content from external sources, review the formatting. The editor preserves most HTML formatting, but complex layouts may need adjustment.
Saving to Your Library
When you create a finding you want to reuse across engagements, save it to your organization's finding library. This makes it available to all team members, and it can be imported into future reports.