Overview

ZeroPath generates exportable security reports for compliance reviews, stakeholder updates, and audit documentation. Reports are generated asynchronously and available for download from the dashboard.

Report Types

| Type | Description |
| --- | --- |
| Scan Report | Detailed findings from a specific scan — includes all vulnerabilities, severity breakdown, affected files, and remediation status |
| Organization Summary | High-level security posture across all repositories in your organization |
| SOC 2 Report | Compliance-focused report structured for SOC 2 audit evidence |

Export Formats

Scan reports support multiple output formats:

| Format | Best For |
| --- | --- |
| DOCX | Stakeholder presentations, compliance documentation |
| CSV | Data analysis, custom dashboards, spreadsheet workflows |
| SARIF | Tool integration, CI/CD pipelines, SARIF viewers |
| SBOM | Supply chain compliance (CycloneDX JSON format) |

Organization summary and SOC 2 reports are generated as DOCX documents.
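
For the CI/CD use of the SARIF format listed above, the following is an added example (not ZeroPath's own code) of a pipeline gate that counts findings by level and blocks on a chosen level. It relies only on standard SARIF 2.1.0 fields; which of them a given export populates is an assumption, and the sample document and the `gate` helper are constructed for illustration.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 sample for illustration; not real scanner output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "RULE-A", "defaultConfiguration": {"level": "error"}},
            {"id": "RULE-B"}]}},
        "results": [
            {"ruleId": "RULE-A", "message": {"text": "constructed finding 1"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/app.py"},
                 "region": {"startLine": 10, "endLine": 12}}}]},
            {"ruleId": "RULE-B", "level": "note",
             "message": {"text": "constructed finding 2"}},
            {"ruleId": "RULE-B", "message": {"text": "constructed finding 3"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.py"},
                 "region": {"startLine": 42}}}]}],
    }],
})

RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

def effective_level(result, rules):
    """Use result.level, else the rule's default level, else SARIF's 'warning'."""
    if "level" in result:
        return result["level"]
    rule = rules.get(result.get("ruleId"), {})  # lookup by ruleId only
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def findings(sarif_text):
    """Yield (level, ruleId, uri, startLine) for every result in every run."""
    for run in json.loads(sarif_text).get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            # A result may carry no location at all; report None for both.
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            yield (effective_level(res, rules), res.get("ruleId"),
                   loc.get("artifactLocation", {}).get("uri"),
                   loc.get("region", {}).get("startLine"))

def gate(sarif_text, fail_at="error"):
    """Return (counts by level, findings at or above fail_at)."""
    rows = list(findings(sarif_text))
    blocking = [r for r in rows if RANK.get(r[0], 2) >= RANK[fail_at]]
    return Counter(r[0] for r in rows), blocking
```

In a pipeline, exit non-zero when the second element returned by `gate` is non-empty.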

Generating Reports

Scan Report

  1. Navigate to a completed scan in the dashboard.
  2. Click “Generate Report”.
  3. Select the format (DOCX, CSV, SARIF, or SBOM).
  4. Set a score threshold — only findings above this score are included.
  5. Choose which issue types to include (open, patched, false positive, etc.).
  6. Click Generate. The report is created asynchronously.

Organization Summary

  1. Navigate to Reports in the dashboard.
  2. Click “Organization Summary”.
  3. Optionally provide a custom title.
  4. Click Generate.

SOC 2 Report

  1. Navigate to Reports in the dashboard.
  2. Click “SOC 2 Report”.
  3. Optionally provide a title and description.
  4. Click Generate.

Report History

All generated reports are listed in the Reports section of the dashboard with:
  • Report type and title
  • Generation date and status (pending, completed, failed)
  • File size
  • Download button
Reports can be downloaded or deleted from the history view.

Report Contents

Scan Report (DOCX)

  • Executive summary with finding counts by severity
  • Repository and scan metadata (branch, commit, date)
  • Detailed finding list with:
    • Title, severity, confidence score
    • Affected file and line range
    • Vulnerability description and remediation guidance
    • CWE classifications

Organization Summary

  • Aggregate statistics across all repositories
  • Finding trends and severity distribution
  • Repository-level breakdown
  • Top vulnerabilities by impact

SBOM Export

  • CycloneDX JSON format
  • Full dependency inventory from the SCA scan
  • Package metadata, licenses, and dependency relationships
  • See SCA SBOM Exports for details