Show progress with reports

You're getting stuff done. Share your progress with stakeholders by leveraging InsightAppSec reports to provide app, scan, vulnerability, and compliance-related updates.

You can generate reports from three places in InsightAppSec: the All Apps page, an individual app, and an individual scan.

Which report should I generate?

| Report | Description |
| --- | --- |
| InsightAppSec Applications (Apps) Executive Report | Executive data on all the apps scanned by InsightAppSec for a selected calendar month. Use this report to show a CISO or other executives the monthly progress you are making with your application security program, or highlight areas you may need to make greater investments in. |
| InsightAppSec and InsightVM | Executive data on the apps and assets scanned by InsightAppSec and InsightVM for a selected calendar month. Vulnerability management has many facets and, with this report, you can give your CISO or other executives a holistic view of your vulnerability management program. |
| InsightAppSec (App) Executive Report | Executive data for an individual app scanned by InsightAppSec for a selected date range. |
| Vulnerabilities Summary Report | Basic or detailed vulnerability data on a scan run for a specific application. Scan managers can use the Vulnerabilities Summary Report to get quick yet detailed insights into the most recent scan or particular scan they're reporting on. This report could also benefit engineering team managers planning for resource allocation, and identifying issues that need to be addressed. |
| Vulnerabilities with Remediation Report | This report provides vulnerability data on a scan by InsightAppSec for a specific application along with remediation recommendations. |
| Scan compliance reports | You can use the scan compliance reports to advise on your compliance with specific regulations. These reports allow you to see how the results of a scan compare with the regulations your organization must comply with. |

InsightAppSec reports are advisory only

If a report shows no vulnerabilities, or low severity or safe vulnerabilities, this should not necessarily be taken as affirmation of compliance.

I want to:

Create a report for one or more apps

You can generate executive-level reports containing data on all of your apps from the All Apps page and for an individual app from within the app.

Generate a report for multiple apps
  1. Click All Apps in the left sidebar.
  2. Click Generate Report.
  3. From the Generate Executive Report screen, enter a Report Name and select a calendar month. The report pulls in data for completed calendar months only, so you have to wait until the beginning of the next month to generate the report. It may take up to 7 days from the start of each month for the previous month's data to become available.
  4. In Report Types, select one of the following:
     • InsightAppSec All App Executive Report
     • Combined InsightAppSec and InsightVM Executive Report
  5. Click Generate Report.

Generate a report for one app
  1. Click All Apps in the left sidebar.
  2. Select an app from the All Apps vulnerability table.
  3. Click Generate Report.
  4. On the Generate Report screen, enter a Report Name and select a date range.
  5. Select Executive Report under Report Types.
  6. Select a Format Type (PDF or HTML).
  7. Click Generate Report.

Create a scan-level report to view vulnerabilities

You can generate scan-level reports with vulnerability or compliance-related information from within an individual scan.

Generate an InsightAppSec scan level report
  1. Click Scans in the left sidebar.
  2. Select a scan from the scan-level vulnerability table. You can also select scans from within an App.
  3. Click Generate Report.
  4. From the Generate Report screen, enter a Report Name and select a Report Type.
  5. Select a scan report.
  6. Select a Format.
  7. Click Generate Report.

Filter scan report data

You can add filters to a scan-level report to refine the data before generating the report.

  1. Go to the Scans page and select a scan.
  2. Select the filter criteria.
  3. Click Apply.
  4. Click Generate Report.

Applied filters are visible in a banner on the Vulnerabilities Summary and the Vulnerabilities with Remediation Report in PDF or HTML format when printed.

Learn more about app report types

InsightAppSec All Apps Executive Report

This report provides an overview of all apps scanned during a selected month. The report contains the number of apps scanned, unreviewed vulnerabilities, high severity vulnerabilities, and remediated vulnerabilities, with each of these compared to the previous month. It also shows the top vulnerability types and the vulnerabilities by severity and status.

Combined InsightAppSec and InsightVM Executive Report

This report provides an overview of the assets and apps scanned by InsightAppSec and InsightVM. The report contains sections relating to your overall vulnerability management programs, including details on apps and assets scanned along with the vulnerabilities found and remediation efforts. Where applicable, it also showcases details on location, owner, and criticality tags.

Learn more about vulnerability reports

Vulnerabilities Summary

The Vulnerabilities Summary is an overview of the vulnerabilities found in the app during the scan. The report is organized by vulnerability and the number of vulnerabilities found during the scan for the app.

Vulnerabilities with Remediation Report

The Vulnerabilities with Remediation report contains all vulnerabilities found in an app from the chosen scan and the recommended remediation. Before making the report, you can use a filter to focus on certain vulnerabilities. Within the report, you can view the attack type and recommendation, and replay the attack using the Rapid7 Chrome Plugin.

Learn more about compliance reports

Payment Card Industry Report (PCI Report)

The Payment Card Industry report helps you prepare for an audit, an assessment, or a questionnaire around PCI compliance. Uncovering potential issues that will affect the outcome of any of these exercises allows you to take action and secure critical vulnerabilities on any assets that deal with payment card data.

OWASP 2013 Report

The OWASP 2013 Report shows the top 10 OWASP issues and whether you passed or failed on each for the scan. It also shows vulnerabilities within each of the top 10 issues along with the response and request data for the vulnerability.

OWASP 2017 Report

The OWASP 2017 Report shows the top 10 OWASP issues and whether you passed or failed on each for the scan. It also shows vulnerabilities within each of the top 10 issues along with the response and request data for the vulnerability.

SOX Report

The SOX (Sarbanes-Oxley Compliance) report details compliance issues and whether you passed or failed on each for that particular scan. The report shows each requirement and the details of the vulnerabilities that caused you to fail, if you did.

HIPAA Compliance Results

The HIPAA compliance report shows each requirement, whether you passed or failed, and the details of the vulnerabilities that caused you to fail, if you did.

GDPR Report

The GDPR report is an advisory report that shows how vulnerabilities in scanned targets might jeopardize your GDPR compliance and highlights which vulnerabilities need to be addressed.