Product · Security Reports

A report you can hand to anyone — your team, your customer, your AI.

Every scan produces a structured report with full severity breakdown, evidence per finding, and remediation. Share a link, export Markdown for an agent, or download PDF for an audit.

  • Full severity breakdown — Critical, High, Medium, Low, Info
  • Evidence and reproduction steps for every finding
  • Markdown export for Claude, Cursor, and Windsurf
  • Shareable link or PDF for stakeholders

Report · example.com · Deep

  • 2 Critical
  • 5 High
  • 11 Medium
  • 8 Low

  • Exposed Supabase service_role (CRIT)
  • Missing CSP header (HIGH)
  • Mixed content on /pricing (MED)

How it works

3 steps to your first result.

  1. Run a scan

    Report is built automatically — nothing to configure.

  2. Filter and triage

    Sort by severity, scanner, or asset. Mark items as known/acknowledged.

  3. Export or share

    Download Markdown or PDF, or send a private link to a teammate or customer.

What you get

Severity-ordered

Findings sorted Critical → Info so the highest-impact issues are at the top.

Evidence per finding

Raw response headers, redacted secret snippets, URL paths — enough to verify, not enough to leak.

Markdown + PDF

Markdown for AI agents (one file, clean schema). PDF for compliance, audit, or customer review.

Shareable links

Send a private read-only link to a teammate or customer. No login required to view.

Filtering & grouping

Group by scanner, asset, or severity. Suppress noise once and never see it again.

Triage state

Mark findings acknowledged or known — keeps the report honest without losing history.

Frequently asked

Can I share the report with a customer?
Yes. The shareable link is read-only and doesn't expose your account, billing, or other scans. Good for prospects asking about security posture.
Is the export format stable?
Yes. Markdown export uses a fixed schema for headings, severity tags, and fix blocks. Safe to commit into a repo or feed to an AI agent.
What's actually in the PDF?
Same content as the web report — severity summary, every finding with evidence and remediation, scan metadata (timestamp, target URL, scanners run). Auditor-friendly layout.
Do reports include false-positive guidance?
Yes. Findings flagged as 'likely informational' (public Firebase keys, Supabase anon keys, Firebase SDK error strings) are called out so reviewers don't waste time on them.

Every scan ends with a report someone can actually act on.