Report Findings
Add findings to report tabs from your library or create them inline, with custom ordering, evidence, and report-specific overrides.
Findings are the vulnerabilities documented in your report. Each finding is assigned to a specific report tab, where it receives a reference ID, can be reordered, and can have report-specific content overrides.
Adding Findings to a Report
There are two ways to add findings to a report tab:
- Import from library — select existing findings from your organization's finding library. This pulls in the title, description, severity, CVSS score, remediation, and all other fields.
- Create inline — create a new finding directly within the report for one-off vulnerabilities specific to this engagement.
Importing from the library is the recommended approach. It keeps your findings consistent across engagements and builds a reusable knowledge base over time.
Finding Properties in a Report
Each finding within a report tab has the following properties:
| Property | Description |
|---|---|
| Order number | Controls the position of the finding in the report |
| Reference ID | Generated from the tab's Finding ID Prefix and severity (e.g., REF-C-001) |
| Content overrides | Report-specific edits to the finding that do not affect the library version |
| Evidence | Screenshots and supporting material attached to this finding in this report |
Reference IDs
Finding reference IDs are generated automatically based on:
- The tab's Finding ID Prefix (default: REF)
- The finding's severity level (C = Critical, H = High, M = Medium, L = Low, I = Informational)
- A sequential number within that severity group
For example, a tab with prefix REF containing three critical findings and two high findings would produce:
| Finding | Severity | Reference ID |
|---|---|---|
| SQL Injection | Critical | REF-C-001 |
| RCE via Deserialization | Critical | REF-C-002 |
| Authentication Bypass | Critical | REF-C-003 |
| Stored XSS | High | REF-H-001 |
| IDOR | High | REF-H-002 |
Content Overrides
When you import a finding from the library, the report receives a copy of the finding's content. You can edit this copy to tailor it for the specific engagement — for example, adding client-specific details to the description or adjusting the remediation steps.
These edits are report-specific overrides. They do not modify the original finding in your library.
Content overrides are one-way. Changes made in the report do not propagate back to the library, and subsequent updates to the library finding do not automatically update existing report copies.
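The per-severity numbering from Reference IDs and the copy-on-import behaviour from Content Overrides, modelled together as an added Python example (not the product's code or API). The `ReportTab` class, the dict fields, the `WEB` prefix and the sample texts are constructed for illustration, and numbering is assumed to follow the order in which findings sit in the tab.

```python
import copy

# Severity letters as listed on this page.
SEVERITY_LETTER = {"Critical": "C", "High": "H", "Medium": "M", "Low": "L", "Informational": "I"}

class ReportTab:
    """Hypothetical model of a report tab; not the product's data model."""

    def __init__(self, prefix="REF"):
        self.prefix = prefix
        self.findings = []  # list position stands in for the order number

    def import_finding(self, library_finding):
        # The report receives its own copy, so edits on either side stay separate.
        entry = copy.deepcopy(library_finding)
        self.findings.append(entry)
        return entry

    def reference_ids(self):
        # One counter per severity letter (assumed to follow the tab's order).
        counters, ids = {}, {}
        for finding in self.findings:
            letter = SEVERITY_LETTER[finding["severity"]]
            counters[letter] = counters.get(letter, 0) + 1
            ids[finding["title"]] = f"{self.prefix}-{letter}-{counters[letter]:03d}"
        return ids

# Constructed sample library, reusing finding names from the table above.
LIBRARY = [
    {"title": "SQL Injection", "severity": "Critical", "description": "Generic SQLi text."},
    {"title": "Stored XSS", "severity": "High", "description": "Generic XSS text."},
    {"title": "RCE via Deserialization", "severity": "Critical", "description": "Generic RCE text."},
    {"title": "IDOR", "severity": "High", "description": "Generic IDOR text."},
]

def demo():
    library = copy.deepcopy(LIBRARY)
    tab_a, tab_b = ReportTab("REF"), ReportTab("WEB")
    for finding in library:
        tab_a.import_finding(finding)
    copy_b = tab_b.import_finding(library[0])
    # Report-specific override, made in tab A only.
    tab_a.findings[0]["description"] = "SQLi in the client's /login form."
    # Later library update; existing report copies are not refreshed.
    library[0]["description"] = "Updated generic SQLi text."
    return (tab_a.reference_ids(), tab_b.reference_ids(),
            tab_a.findings[0]["description"], copy_b["description"], library[0]["description"])

if __name__ == "__main__":
    print(demo())
```

The findings are imported with severities interleaved to show that each severity group keeps its own sequence.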
Ordering and Sorting
Findings within a tab can be organized in two ways:
- Drag-and-drop — manually reorder findings by dragging them to the desired position
- Sort by severity or CVSS — automatically sort findings using the tab's configured Findings Sort Order (either severity or cvss)
The sort order setting on the tab determines the default ordering when the report is exported.
Evidence
Each finding in a report can have evidence attached — typically screenshots demonstrating the vulnerability. Evidence is specific to the report instance, so the same library finding can have different evidence in different reports.
Reusing Findings Across Reports
The same library finding can be imported into multiple reports without conflict. Each report maintains its own independent copy with its own:
- Reference ID
- Order number
- Content overrides
- Evidence
This means you can use a standard "SQL Injection" finding across dozens of engagements, customizing the details for each client without affecting other reports.
Next Steps
- Findings Library — manage your reusable finding templates
- Report Tabs — understand how findings are organized within tabs
- Exporting Reports — see how findings appear in the exported DOCX