Security Reports

Create comprehensive security reports for stakeholders, auditors, and compliance.

Generate a Report

Navigate to Reports

Organization or Repository → Reports

Create New Report

Click Generate Report

Configure Report

Set report parameters:

Scope: Organization or specific repositories
Time period: Date range to include
Severity filter: Which severities to include
Type filter: SAST, AGENTIC_SAST, SCA, SECRET, IAC
Status filter: OPEN, FIXED, FALSE_POSITIVE, ACCEPTED_RISK

Choose Format

Select report format:

PDF (stakeholder-friendly)
CSV (data analysis)
JSON (programmatic access)

Generate

Click Generate ReportReport typically ready within 1-2 minutes

Report Contents

Executive Summary

Security score and trend
Total violations by severity
Critical findings requiring attention
Progress since last report

Detailed Findings

For each violation:

Title and description
Severity and CVSS/EPSS scores
Location (file, line number)
Status (OPEN/FIXED/FALSE_POSITIVE/ACCEPTED_RISK)
Remediation guidance

Trends and Analytics

Violation count over time
Security score trend
Fix rate metrics
Top vulnerability types
Most affected repositories

Compliance Section

Standards compliance (OWASP Top 10, CWE Top 25)
Audit trail
Risk assessment
Remediation timeline

Public Reports

Make reports publicly accessible:

Open Report

Navigate to generated report

Make Public

Click Share → Make Public

Copy Link

Copy the unique public URL

Share URL with stakeholders

Public reports are accessible to anyone with the URL. Don’t include sensitive information.

Scheduled Reports

Automate report generation and delivery:

Create Report Template

Set up report with desired configuration

Schedule

Settings → Scheduled Reports → Create Schedule

Configure Schedule

Frequency: Daily, weekly, monthly
Recipients: Email addresses
Format: PDF, CSV

Activate

Save and activate schedule

Report Templates

Pre-configured report templates: Executive Summary:

High-level overview
Trend analysis
Critical issues only

Compliance Report:

Audit-ready format
Standards compliance
Detailed findings
Remediation status

Team Report:

Team-specific violations
Individual contributions
Fix velocity

Release Report:

Pre-release security assessment
Open violations
Risk assessment

Best Practices

Regular reporting: Generate reports weekly or monthly Executive summaries: Include for non-technical stakeholders Highlight trends: Show progress, not just snapshots Include remediation: Document what’s being fixed Version control: Archive reports for historical reference Automate: Use scheduled reports for consistency

Introduction

Quick Start

Pull Requests & Scanning

Security Capabilities

Setup & Configuration

Reference & Support

Generate a Report

Report Contents

Executive Summary

Detailed Findings

Trends and Analytics

Compliance Section

Public Reports

Scheduled Reports

Report Templates

Best Practices

What’s Next?

Security Dashboard

Trends and Analytics

Introduction

Quick Start

Pull Requests & Scanning

Security Capabilities

Setup & Configuration

Reference & Support

​Generate a Report

​Report Contents

​Executive Summary

​Detailed Findings

​Trends and Analytics

​Compliance Section

​Sharing Reports

​Public Reports

​Scheduled Reports

​Report Templates

​Best Practices

​What’s Next?

Security Dashboard

Trends and Analytics

Generate a Report

Report Contents

Executive Summary

Detailed Findings

Trends and Analytics

Compliance Section

Sharing Reports

Public Reports

Scheduled Reports

Report Templates

Best Practices

What’s Next?