Reports

Reports are PDF deliverables that AISafe generates from completed assessments. They synthesize findings, evidence, and remediation recommendations into a shareable document suitable for stakeholders, compliance packages, and executive review.

Reports are the final output of each assessment. Whether you are handing results to an engineering team for remediation, to an auditor for compliance verification, or to leadership for a posture update, the report gives you a single, self-contained document that captures the complete assessment results.

Generating a report

After an assessment completes, go to the assessment detail page and click Generate report. AISafe compiles the findings, evidence, and triage decisions into a structured PDF. AISafe stores the report as an artifact, and you can download it or share it via a URL.

You can generate a report at any point after the assessment finishes, including after you have triaged findings and applied status changes. The report reflects the state of the findings at the time of generation, so it is good practice to complete your triage review first and then generate the final report. If you need an updated report later (for example, after marking findings as fixed), generate a new one to capture the latest state.

Report contents

A typical report includes:

  • Executive summary: scope, finding counts by severity, overall posture assessment. AISafe writes this section for stakeholders who need a high-level view without reading individual findings. It gives a clear picture of where the application stands and what needs attention.
  • Assessment metadata: target/source, type, duration, date. This gives the report context and makes it easy to reference later, when you are comparing reports across multiple assessments over time.
  • Finding details: per-finding sections with severity, evidence, proof-of-concept, CWE/OWASP mappings, and suggested fixes. Each finding is self-contained so you can share an individual section with the engineer responsible for the affected component. The evidence includes the same locations, taint flows, and reproduction steps you see in the dashboard.
  • Remediation roadmap: a prioritized list of action items by severity. This gives your team a clear order of operations: fix criticals first, move to highs, and so on. Use this section to plan sprints and track remediation progress.

The report is a static PDF. It does not change after generation. If you update findings after creating the report, generate a new report to capture the latest state.

AISafe generates reports from the triaged findings, so they reflect the status decisions your team has made. The report excludes findings marked as false positive, includes findings marked as accepted risk with their status noted, and includes findings marked as fixed with their resolution recorded.

Sharing

Once you generate a report, you can share it with stakeholders who do not have an AISafe account. From the assessment detail page, copy the report's public URL and send it to anyone who needs to review the findings. The URL points to a hosted version of the PDF that anyone can view in a browser or download.

You can revoke public report URLs from the same page if you need to withdraw access later. Revoking a URL disables the link, so anyone who tries to open it after revocation can no longer view the report. Public URLs are meant for sharing with external auditors, compliance reviewers, or leadership who need the report without dashboard access.

You can generate a new shareable URL at any time if you need to re-share a report after revoking the previous link. Each URL is independent, so revoking one does not affect others you may have created.

Shareable URLs are ideal for compliance cycles where an auditor needs read-only access to a specific assessment's results. You control which reports to share and for how long.

Webhook integration

Once a report is ready, AISafe fires a report.ready webhook event. Subscribe to this event to deliver reports to a Slack channel, document management system, or SIEM. This is useful when you want reports to flow into your existing tooling without manual download. See Webhooks for configuration details.

You can use webhooks to trigger downstream workflows: for example, creating a Jira ticket for each critical finding, or notifying a security channel when AISafe generates a report for a production assessment.

API access

The API lets you generate and download reports. You can integrate report generation into your CI/CD pipeline, compliance automation, or internal dashboards. For example, you can trigger a report after each scheduled scan and archive it. See the API Reference for report endpoints.

The API supports the same operations as the dashboard: generate a report, download the PDF, create a shareable URL, and revoke a shareable URL. Use the API when you need to automate any part of the report lifecycle.

For teams that run assessments on a regular cadence, API-driven report generation makes it easy to maintain an up-to-date archive of reports without manual intervention.

Reports remain available for as long as your account retains the assessment. You can download or re-share a report at any time, even months after the assessment completed.