Security Reports

Every PreBreach scan produces a comprehensive security report that summarizes your domain's attack surface, discovered vulnerabilities, and actionable remediation guidance. Reports are designed to serve both technical teams who need granular detail and stakeholders who need a high-level risk assessment.

Report Formats

PreBreach generates reports in three formats. Each format is available from the scan detail page once a scan completes.

PDF Report

A print-ready document suitable for compliance audits, executive summaries, and client deliverables. The PDF includes the security grade, a findings breakdown by severity, full evidence for each vulnerability, and remediation steps. Agency plan users can apply custom branding before export.

HTML Report (Interactive)

A browser-based interactive report that lets you filter findings by severity, search by CWE or OWASP category, expand and collapse evidence blocks, and copy AI remediation prompts directly into your IDE. The HTML report is the recommended format for engineering teams triaging findings.

JSON Report

A machine-readable export designed for integration with CI/CD pipelines, ticketing systems, and custom dashboards. The JSON schema includes structured fields for every finding, including CVSS v4.0 vectors, CWE identifiers, OWASP mappings, confidence scores, and validation consensus results.

Accessing Reports

1. Navigate to Scans in the sidebar.
2. Select a completed scan from the list.
3. Open the Report tab to view the interactive HTML report inline.
4. Use the Download dropdown to export as PDF or JSON.

You can also access reports directly from the Domains page by clicking the latest scan result for any monitored domain.

Security Grade System

Every report includes an overall security grade ranging from A (excellent) to F (critical risk). The grade provides a quick, at-a-glance indicator of your domain's security posture.

How the Grade Is Calculated

The grade starts at a base score of 100 and deducts points for each confirmed finding based on its severity level:

After deductions, the numeric score maps to a letter grade:

Hard Caps

Regardless of the numeric score, certain conditions override the grade:

• Any critical finding automatically caps the grade at F.
• Any high finding automatically caps the grade at D or lower.

These hard caps ensure that severe vulnerabilities are never masked by an otherwise healthy score.

What Is Included in a Report

Each report contains the following sections:

• Executive Summary -- Security grade, scan metadata, and a high-level risk overview.
• Findings Table -- Every discovered vulnerability with severity, CVSS v4.0 score, CWE ID, and OWASP Top 10 category.
• Finding Details -- Full evidence for each issue including HTTP request/response pairs, screenshots, and proof-of-concept steps.
• Validation Status -- Whether each finding was confirmed, needs review, or rejected by the multi-model validation pipeline.
• Remediation Guidance -- Step-by-step fix instructions plus AI-generated prompts you can paste into Cursor, Bolt, or any LLM-powered coding tool.
• Technology Fingerprint -- Detected frameworks, servers, CDNs, and third-party services.

Report Retention

Report retention depends on your plan:

After the retention period, reports and their associated scan data are permanently deleted. To preserve reports beyond the retention window, download them in your preferred format before expiration.

Next Steps

• Understanding Findings -- Learn how to interpret severity levels, CVSS scores, and validation consensus.
• AI Agents -- Discover the specialized agents that power each scan.