Search & Replace
Use preset and custom variables with double-curly-brace syntax to perform bulk text replacement across your Vulnsy report before exporting to DOCX.
Vulnsy's Search & Replace feature lets you define variables in your report content and replace them with real values before export. This is separate from template tags — template tags are filled automatically from the database, while variables are placeholders you resolve manually.
Variables vs. Template Tags
These two systems serve different purposes:
| Feature | Syntax | Filled By | Used In |
|---|---|---|---|
| Template tags | {tag.name} (single braces) | Automatically from the database during DOCX export | Word template .docx file |
| Variables | {{variable_name}} (double braces) | Manually by you via Search & Replace before export | Report content — narratives, findings, descriptions, and any text field |
Template tags live in your Word template and are resolved at export time. Variables live in your report content (the text you write in Vulnsy) and are resolved before export through Search & Replace.
Think of template tags as the structure of your document, and variables as shortcuts within your content. Template tags pull data from the database automatically. Variables are text placeholders you fill in yourself.
Preset Variables
Vulnsy provides these built-in variables that you can use throughout your report content:
| Variable | Description |
|---|---|
{{client}} | Client company name |
{{report_name}} | Report title |
{{start_date}} | Engagement start date |
{{end_date}} | Engagement end date |
{{org}} | Your organization's name |
{{scope}} | Report scope text |
These preset variables are available in the Search & Replace UI with pre-filled suggestions based on your report data.
Custom Variables
You can define your own variables using the double-curly-brace syntax: {{variable_name}}. Use any name that makes sense for your workflow.
Examples:
| Custom Variable | Use Case |
|---|---|
{{target_url}} | The primary target URL referenced throughout findings |
{{testing_environment}} | "Production", "Staging", etc. |
{{contact_name}} | A specific person's name used in multiple places |
{{app_version}} | The application version being tested |
{{network_range}} | The IP range in scope |
To use a custom variable, simply type it anywhere in your report content — in finding descriptions, narrative sections, impact statements, or remediation steps. Then replace it via Search & Replace before export.
Search & Replace Workflow
Open the Export Tab
Navigate to your report and click the Export tab. The Search & Replace section is displayed alongside the export options.
Enter Variable Values
For each variable you want to replace, enter the replacement value. For example:
| Find | Replace With |
|---|---|
{{client}} | ACME Corp |
{{target_url}} | https://app.acme.com |
{{start_date}} | 01/15/2025 |
{{end_date}} | 02/15/2025 |
Preview Replacements
Click Preview to see exactly where each replacement will occur. Vulnsy scans all report content and shows you:
- The number of matches found
- Which fields contain matches (e.g., "Finding: SQL Injection — Description", "Tab: Web App — Methodology")
- A preview of the text before and after replacement
Confirm and Replace
Review the replacement count and locations. When you're satisfied, click Replace to apply the changes across all matching content.
What Gets Replaced
Search & Replace scans and modifies content across your entire report:
| Content Area | Examples |
|---|---|
| Report fields | Executive summary, methodology, scope |
| Client/project data | Client name, project description |
| Tab narratives | All narrative sections within each tab |
| Finding content | Title, description, impact, remediation, references |
| Evidence descriptions | Captions and descriptions attached to evidence items |
Replacements are applied directly to your report content in the database. This is not a temporary preview — once you click Replace, the original variable text is overwritten with the replacement value. Make sure your values are correct before confirming.
Generic Text Search & Replace
Search & Replace is not limited to {{variable}} patterns. You can search for and replace any text string across your report. This is useful for:
- Fixing a misspelled company name across all findings
- Updating a URL that changed during the engagement
- Replacing placeholder text with final copy
- Standardizing terminology (e.g., replacing "webapp" with "web application" everywhere)
Simply enter the text to find and the text to replace it with — the same preview and replace workflow applies.
Unreplaced Variable Detection
Before exporting your report, Vulnsy automatically scans all content for any remaining {{...}} patterns that haven't been replaced. If any are found, you'll see a warning listing:
- The exact variable pattern (e.g.,
{{client}}) - Where it appears (which field, finding, or narrative section)
- The number of remaining instances
This prevents you from delivering a report to your client with placeholder text still in it.
Always check the unreplaced variable warnings before exporting. A stray {{variable}} in a client-facing report looks unprofessional and may expose your internal workflow.
Best Practices
- Use variables for repeated values — if a client name, URL, or date appears in many places, use a variable instead of typing it everywhere. One replacement updates them all.
- Standardize variable names across your team — agree on names like
{{client}},{{target_url}}, and{{scope}}so everyone's reports are consistent. - Preview before replacing — always check the preview to make sure you're not accidentally replacing text in unexpected places.
- Replace before export — run Search & Replace as the last step before exporting. This ensures all variables are resolved and the unreplaced variable check comes back clean.
Next Steps
- Template Tags — understand the automatic template tag system
- Creating Templates — build Word templates for your exports
- Export Tag Prefixes — scope data to specific tabs in multi-tab reports