Generate reports

You can generate reports from 3 different places in InsightAppSec. Where you are determines what reports you can generate and the level of information they contain. In this article, we explain which reports live in each place, the primary use cases for each one, and how to generate them.

Apps reports

You can get high-level, executive data about all of your apps from the All Apps page by generating the InsightAppSec Applications (Apps) Executive Report or the InsightAppSec and InsightVM Executive Report.

InsightAppSec Applications (Apps) Executive Report

This report provides data on all of the apps scanned by InsightAppSec for a selected calendar month, and includes the number of:

  • Scanned apps
  • Found vulnerabilities
  • Vulnerabilities with an unreviewed, high severity, or remediated status

It also includes information about:

  • The most common types of vulnerabilities found in your apps
  • Vulnerability severity and status
  • The apps with the most vulnerabilities

This report also provides comparison data from the previous month, if the data is available.

When to use it

The InsightAppSec Applications (Apps) Executive Report is a great way to show a CISO or other executives the monthly progress you are making with your application security program, or to highlight areas you may need to make greater investments in.

Generate an InsightAppSec Applications (Apps) Executive Report

  1. Click All Apps in the left sidebar.
  2. Click Generate Report.
  3. From the Generate Executive Report screen, enter a Report Name and select a calendar month. Note that this report pulls in data for completed calendar months, so on the first day of each month, you can select the previous one. For example, on September 1, you can select August.
  4. Select InsightAppSec All App Executive Report under Report Types.
  5. Click Generate Report.

InsightAppSec and InsightVM Executive Report

This report provides data on the assets scanned by InsightVM and the apps scanned by InsightAppSec for a selected month.

It includes the following environment overview sections:

  • Application security
  • Assets
  • Vulnerabilities

It also includes the following information about program improvements:

  • Location tags
  • Owner tags
  • Criticality tags

InsightAppSec and InsightVM Executive Report access

This report is only available if you have an active InsightVM product. Additionally, you must have administrator privileges for both InsightVM and InsightAppSec to generate this combination report.

When to use it

The InsightAppSec and InsightVM Executive Report gives you a high-level overview of the apps and assets scanned during a particular month as compared to the previous month.

Vulnerability management has many facets and, with this report, you can give your CISO or other executives a holistic view of your vulnerability management program.

Generate the InsightAppSec and InsightVM Executive Report

  1. Click All Apps in the left sidebar.
  2. Click Generate Report.
  3. From the Generate Executive Report screen, enter a Report Name and select a calendar month. Note that this report pulls in data for completed calendar months, so after the start of each month, you can select the previous one. For example, in September, you can select August. It may take up to 7 days from the start of each month for the previous month's data to become available.
  4. Select Combined InsightAppSec and InsightVM Executive Report in Report Types.
  5. Click Generate Report.

App reports

You can get high-level, executive data about an individual app by selecting an app from the All Apps page and generating an InsightAppSec (App) Executive Report.

InsightAppSec (App) Executive Report

This report provides data on an application scanned by InsightAppSec for a selected calendar month.

It includes the number of:

  • Completed Scans
  • Total vulnerabilities
  • Vulnerabilities with an unreviewed, high severity, or remediated status

It also provides data for:

  • The most common types of vulnerabilities found in your app.
  • Vulnerabilities, grouped by Status and Severity.

When to use it

This app-level executive report is a great way to show an executive or an application owner how an application's security profile has changed over a specific period. It's good for sharing during a monthly or quarterly meeting.

Generate an InsightAppSec (App) Executive Report

  1. Click All Apps in the left sidebar.
  2. Select an app from the All Apps vulnerability table.
  3. Click Generate Report.
  4. On the Generate Report screen, enter a Report Name and select a date range.
  5. Select Executive Report under Report Types.
  6. Select a Format Type (PDF or HTML).
  7. Click Generate Report.

Scan reports

There are 2 types of scan-level reports in InsightAppSec:

  • Scan vulnerabilities reports
  • Scan compliance reports

You can generate all scan-level reports from an individual scan page.

Filter data on scan-level reports

All of our scan-level reports are filterable, so you can narrow the data within each to focus on just what you need.

Scan vulnerabilities reports

You can get scan-level vulnerability data, with or without remediation recommendations, from within a selected scan.

Vulnerabilities Summary Report

This report provides vulnerability data on an individual InsightAppSec scan for a specific application.

It includes the number of:

  • Total vulnerabilities discovered
  • Vulnerabilities by type
  • Vulnerabilities by severity

It also provides data for:

  • Duration of the scan
  • Crawled links

When to use it

Scan managers can use the Vulnerabilities Summary Report to get quick yet detailed insights into the most recent scan or a particular scan they're reporting on.

This report could also benefit engineering team managers who are planning resource allocation and identifying issues that need to be addressed.

Vulnerabilities with Remediation Report

This report provides vulnerability data on a scan by InsightAppSec for a specific application along with remediation recommendations.

The report includes:

  • Attack type used
  • Vulnerabilities by severity

It also provides data for:

  • Duration of the scan
  • Crawled links
  • Vulnerabilities discovered

When to use it

You can use the Vulnerabilities with Remediation Report to get key vulnerability details to engineering and remediation teams and to help with remediation efforts. When the report is exported as an HTML file, you can replay an attack using the Rapid7 Chrome Plugin.

Scan compliance reports

These reports are created to show compliance with standards, laws, and regulations set by regulatory bodies and governments.

They can be generated in the form of a:

  • Payment Card Industry Report (PCI)
  • OWASP 2013 Compliance Report
  • OWASP 2017 Compliance Report
  • SOX Compliance Report
  • HIPAA Compliance Report
  • GDPR Compliance Report

When to use them

You can use the scan compliance reports to advise on your compliance with specific regulations. They allow you to see how the results of a scan compare with the regulations your organization must comply with.

Generate an InsightAppSec scan-level report

  1. Click Scans in the left sidebar.
  2. Select a scan from the scan-level vulnerability table. You can also select scans from within an App.
  3. Click Generate Report.
  4. From the Generate Report screen, enter a Report Name and select a Report Type.
  5. Select a scan report.
  6. Select a Format.
  7. Click Generate Report.

Your report is ready to go!

If you selected HTML as your report format, your report opens in a new tab. If you selected a PDF format, the Generate Report screen closes, and, when the report is ready, it downloads in your browser.

Filter scan report data

You can add filters to a scan-level report to refine the data before generating the report.

To filter using the query bar:

  1. Go to the Scans page and select a scan.
  2. Select the filter criteria.
  3. Click Apply.
  4. Click Generate Report.

Applied filters are visible in a banner on the Vulnerabilities Summary and the Vulnerabilities with Remediation Report in PDF or HTML format when printed.
