Skip to main content
CyStack VulnScan reports turn scan results into shareable remediation and management artifacts. VulnScan supports three report formats: CSV, JSON, and PDF. Export report

Format Selection

FormatBest ForNotes
CSVRemediation tracking, spreadsheets, ticket import, vulnerability registers.Flat rows for findings, affected assets, severity, risk score, and remediation fields.
JSONSIEM, SOAR, data warehouse, custom integration, automated evidence processing.Structured representation of scan, asset, finding, intelligence, and evidence fields.
PDFExecutive summary, customer-facing report, audit package, management review.Generated as a background job for large scans.
Other export formats are intentionally not supported so the product can keep report quality, field mapping, and automation behavior consistent.

Export From the Web UI

  1. Open Scans and select the completed scan, or open Reports.
  2. Choose Export.
  3. Select CSV, JSON, or PDF.
  4. Choose the report language where available.
  5. Confirm the export.
CSV and JSON are generated for immediate download. PDF export runs as a background job because report rendering may take longer for large scans.

PDF Background Jobs

PDF generation does not depend on the browser tab staying open. When a user starts PDF export:
  1. VulnScan creates a report job in the database.
  2. The PDF export button is locked for that report while the job is running.
  3. The user can leave the page or close the browser.
  4. When the PDF is ready, VulnScan marks the job completed.
  5. If mail is configured, the report creator receives a report-ready email.
  6. The user returns to the Web UI to download the file. Deployments may also attach the PDF to the email where allowed by mail size policy.
This model is designed for large scans and avoids losing reports when a browser session ends.

What a Report Includes

Report content depends on the scan results and selected format, but the core report model includes:
  • Workspace and scan metadata.
  • Target, asset, and scan source.
  • Scan start time, finish time, and duration.
  • Severity summary and finding distribution.
  • Findings with title, severity, risk score, confidence, affected location, and status.
  • CVE, CWE, CVSS, EPSS, CISA KEV, OWASP Top 10, and OWASP WSTG fields where available.
  • Evidence and remediation guidance.
  • References.
  • Discovery context such as technologies, services, TLS, and WAF/CDN where relevant.

Export From the CLI

Generate JSON and CSV: 
vulnscan scan --target https://app.acme.com --output ./reports --format json,csv --lang en
Generate Vietnamese report text where supported: 
vulnscan scan --target https://app.acme.com --output ./reports --format json,csv,pdf --lang vi
Scan targets from a file and include subdomain discovery: 
vulnscan scan --target-file ./targets.txt --include-subdomains --output ./reports --format json,csv
AudienceRecommended FormatReason
Engineering teamCSVEasy to sort, filter, assign, and import into task systems.
Security automationJSONPreserves nested evidence and intelligence fields.
Executives and customersPDFReadable summary with findings, impact, and remediation.
Compliance or auditPDF plus CSVPDF for narrative, CSV for detailed evidence tracking.

Report Quality Checklist

Before sharing a report externally:
  • Confirm the scan target and source are correct.
  • Review Critical and High findings for obvious ownership or scope mistakes.
  • Check whether authenticated scan context was used when required.
  • Confirm the report language.
  • Verify that false positives or accepted risks are documented.
  • Confirm mail delivery if the PDF was generated asynchronously.