Create a report
Overview
Use the Reporting page to generate detailed, customizable reports that summarize SAST, SCA, and DAST issues captured in tests. Report types range from developer-focused summaries to executive overviews and compliance reports, and offer insights into vulnerabilities, test trends, and the risk posture of applications in your portfolio. Note the following:
- Reports are auto-deleted after 30 days.
- Only the user who creates a report can download it. Share reports in PDF/JSON format.
- It can take up to 60 minutes for data from a test to be available to create a report.
- Dismissed issues and excluded components (via issue and component triage) are not included in reports. It can take up to 60 minutes for triage actions to affect reports.
- Reporting events are tracked in the audit logs.
- Issues you import from third-party tools are not included in reports.
Available reports
You can generate the following reports:
Type of report | Description |
---|---|
Developer Detail SCA | An overview of the issues in the selected application scope. Provides issue details organized by component and includes the severity, vulnerability ID, issue type, CWE, and first detected date of each issue. |
Developer Detail Static | An overview of the issues in the selected application scope. Provides issue details organized by the issue type and includes severity, location, file name, line number, and first detected date. |
Executive Summary Report | Provides an overview of your portfolio and modules that detail the overall risk posture. It includes issue summaries at the portfolio and application levels, detected and absent issue charts, issue trend charts, top issue types and top issues with policy violations. |
Issue Overview | A high-level overview of your applications and projects. The report provides the total issue counts at the application level, and provides the new, recurrent, and total issue counts at the project level. This shows the risk posture across the entire portfolio. |
Issue Summary | Includes a summary of its scope and issue summaries by severity, per application(s), per project(s), and by issue type including top 10 vulnerable applications, and more. |
Security Audit | Identifies vulnerable areas in the different components of your application that may be exploited by malicious users, and estimates the application's protection from common attacks. This report also assesses the overall security risk for your application across all threat areas. |
Software bill of materials (SBOM) | Creates an SPDX or CycloneDX-compatible SBOM report (JSON). |
Standard Compliance | Provides issue counts for each application as it relates to a selected standard, as well as a view of the total issues found per standard. |
Standard Compliance Detail | Along with the information in the Standard Compliance Report, this includes the issue counts for each project. It also provides issue details organized by test type and standard for each issue. |
Test Summary Report | For applications and/or projects (depending on selected scope), shows the first and last test, the number of tests in a time period, test trends, assessment types scanned, and a list of applications and/or projects not tested in the time period. |
Allow reporting notifications
In order to receive email notifications that your report is ready, check that your personal notification settings are set correctly.
Save report configurations
If you find you generate the same report on a routine basis, consider saving the report's settings as a report configuration. Doing so allows you to quickly generate the same report without having to configure the report's settings each time.
See Create and manage report configurations for more information.
Create a report
Create a software bill of materials report
To customize what is included in the report, see Ways to triage components in Polaris. If a component is triaged as Excluded, it will not be in the report.