Documentation
Everything you need to get started with getReport.
Getting Started
getReport transforms raw security findings into professional, executive-ready reports. Here's how to get started in three simple steps:
1. Create an Account
Sign up for a free account at getreport.io. No credit card required for the Starter plan.
2. Import Your Findings
Upload findings from your security tools. We support direct imports from Nessus, Burp Suite, Nuclei, and many more. You can also paste JSON directly or use our UFM format.
3. Generate Your Report
Choose a template, customize the content, and export your report as PDF, DOCX, or JSON. It's that simple.
Importing Findings
getReport accepts findings in multiple formats:
- Native imports: Nessus, Burp Suite, Nuclei, Qualys, Rapid7, and more
- Standard formats: SARIF, XML, CSV
- Manual input: Paste JSON or use our form builder
For the best results, we recommend using our Unified Findings Model (UFM) format, which ensures all data is captured correctly.
Unified Findings Model (UFM)
UFM is our standard JSON schema for vulnerability findings. It normalizes data from different security tools into a consistent format.
UFM Schema
Each finding in UFM format includes the following fields:
```json
{
  "title": "SQL Injection in Login Form",
  "severity": "critical",
  "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "assets": [
    {
      "type": "url",
      "value": "https://example.com/login"
    }
  ],
  "evidence": [
    {
      "type": "request",
      "content": "POST /login HTTP/1.1\nHost: example.com\n\nusername=admin' OR '1'='1"
    },
    {
      "type": "response",
      "content": "HTTP/1.1 302 Found\nLocation: /dashboard"
    }
  ],
  "description": "The login form is vulnerable to SQL injection attacks. User-supplied input is concatenated directly into SQL queries without proper sanitization.",
  "impact": "Attackers can bypass authentication, access sensitive data, and potentially execute arbitrary commands on the database server.",
  "remediation": "Use parameterized queries (prepared statements) instead of string concatenation. Implement input validation and output encoding.",
  "references": [
    "https://owasp.org/www-community/attacks/SQL_Injection",
    "https://cwe.mitre.org/data/definitions/89.html"
  ],
  "cwe": "CWE-89",
  "owasp_category": "A03:2021-Injection",
  "tags": ["sql-injection", "authentication", "critical", "owasp-top-10"]
}
```
Required Fields
| Field | Type | Description |
|---|---|---|
| title | string | Short, descriptive title of the finding |
| severity | string | One of: critical, high, medium, low, info |
| description | string | Detailed description of the vulnerability |
| impact | string | Business and technical impact |
| remediation | string | Steps to fix the vulnerability |
Optional Fields
| Field | Type | Description |
|---|---|---|
| cvss_vector | string | CVSS v3.1 vector string |
| assets | array | Affected assets (URLs, hosts, IPs) |
| evidence | array | Proof of vulnerability (requests, screenshots) |
| references | array | External reference URLs |
| cwe | string | CWE identifier (e.g., CWE-89) |
| owasp_category | string | OWASP category |
| tags | array | Custom tags for categorization |
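A pre-import check built from the two field tables above, so malformed findings are caught before upload. This is an added example, not getReport's own code: `validate_finding` and the sample findings are hypothetical, and the CVSS and CWE patterns are assumptions about what the importer accepts.

```python
import re

REQUIRED = ("title", "severity", "description", "impact", "remediation")
SEVERITIES = ("critical", "high", "medium", "low", "info")
OPTIONAL_TYPES = {"cvss_vector": str, "assets": list, "evidence": list,
                  "references": list, "cwe": str, "owasp_category": str, "tags": list}
# Eight CVSS v3.1 base metrics in specification order; any temporal or
# environmental metrics after them are accepted loosely.
CVSS31 = re.compile(r"CVSS:3\.1/AV:[NALP]/AC:[LH]/PR:[NLH]/UI:[NR]/S:[UC]"
                    r"/C:[HLN]/I:[HLN]/A:[HLN](?:/[A-Z]{1,3}:[A-Z])*")
CWE_ID = re.compile(r"CWE-\d+")


def validate_finding(finding):
    """Return a list of problems; an empty list means the finding is well-formed."""
    if not isinstance(finding, dict):
        return ["finding: expected a JSON object"]
    errors = []
    for field in REQUIRED:
        value = finding.get(field)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{field}: required non-empty string")
    severity = finding.get("severity")
    if isinstance(severity, str) and severity.strip() and severity not in SEVERITIES:
        errors.append(f"severity: {severity!r} is not one of {', '.join(SEVERITIES)}")
    for field, expected in OPTIONAL_TYPES.items():
        if field in finding and not isinstance(finding[field], expected):
            errors.append(f"{field}: expected {expected.__name__}")
    vector = finding.get("cvss_vector")
    if isinstance(vector, str) and not CVSS31.fullmatch(vector):
        errors.append("cvss_vector: not a CVSS v3.1 vector")
    cwe = finding.get("cwe")
    if isinstance(cwe, str) and not CWE_ID.fullmatch(cwe):
        errors.append("cwe: expected the form CWE-<number>")
    return errors


# Constructed sample input: a trimmed copy of the page's finding and a broken variant.
GOOD = {
    "title": "SQL Injection in Login Form", "severity": "critical",
    "description": "Input is concatenated into SQL queries.",
    "impact": "Authentication bypass.", "remediation": "Use parameterized queries.",
    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cwe": "CWE-89",
    "assets": [{"type": "url", "value": "https://example.com/login"}],
}
BAD = dict(GOOD, severity="Critical", cvss_vector="CVSS:3.1/AV:N/AC:L", cwe="89", impact="")
```

The severity check is case-sensitive because the table lists lowercase values only, so scanner output such as `Critical` has to be normalized before import.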
URSE Risk Scoring
URSE (Unified Risk Scoring Engine) provides context-aware risk scoring that goes beyond simple severity ratings.
How URSE Works
URSE combines five factors to calculate a final risk score from 0-100:
- Severity (30%): Technical severity aligned with CVSS scores
- Exploitability (25%): How easy is the vulnerability to exploit?
- Exposure (20%): Is the asset internet-facing or internal?
- Business Criticality (15%): How important is the affected asset?
- Evidence Quality (10%): How confident are we in the finding?
Risk Tiers
| Score Range | Risk Tier | Recommended Action |
|---|---|---|
| 80-100 | Critical | Immediate remediation required |
| 60-79 | High | Remediate within 7 days |
| 40-59 | Medium | Remediate within 30 days |
| 0-39 | Low | Remediate as resources allow |
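The weighting and tiers above, worked through for one finding on two different assets. This is an added example, not getReport's implementation: it assumes each factor is rated 0-100 and combined as a plain weighted sum, and the factor key names, function names and sample ratings are hypothetical.

```python
# Weights (in percent) and tier floors as listed on the page.
WEIGHTS = {"severity": 30, "exploitability": 25, "exposure": 20,
           "business_criticality": 15, "evidence_quality": 10}
TIERS = ((80, "Critical"), (60, "High"), (40, "Medium"), (0, "Low"))


def urse_score(factors):
    """Weighted sum of the five factor ratings, each assumed to be on a 0-100 scale."""
    missing = set(WEIGHTS) - set(factors)
    if missing:
        raise ValueError(f"missing factors: {sorted(missing)}")
    for name in WEIGHTS:
        if not 0 <= factors[name] <= 100:
            raise ValueError(f"{name} must be between 0 and 100")
    return round(sum(WEIGHTS[n] * factors[n] for n in WEIGHTS) / 100, 1)


def risk_tier(score):
    """Map a 0-100 score to a tier; a fractional score such as 79.5 stays in the lower tier."""
    return next(label for floor, label in TIERS if score >= floor)


# Constructed ratings: the same critical-severity finding on two different assets.
INTERNET_FACING = {"severity": 95, "exploitability": 90, "exposure": 100,
                   "business_criticality": 80, "evidence_quality": 90}
INTERNAL_LAB = dict(INTERNET_FACING, exposure=20, business_criticality=10)
```

Under these assumptions the internet-facing case scores 92.0 (Critical) and the internal lab case 65.5 (High), even though the technical severity is identical.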
Export Formats
getReport supports three export formats to meet different needs:
PDF
Polished, print-ready documents perfect for executives and compliance audits. Includes cover page, table of contents, and professional formatting.
DOCX
Editable Word documents for teams who need to customize content before sharing. Maintains all formatting and styles.
JSON
Machine-readable format for integration with other security tools and workflows. Follows the UFM schema for maximum compatibility.
Multi-Language Export
getReport can generate reports in 30+ languages. When exporting, select your target language and our system will translate all report content while preserving technical terms and proper nouns.
Supported languages include: English, Chinese (Simplified), Hindi, Spanish, Arabic, French, Bengali, Portuguese, Russian, Japanese, German, Korean, Indonesian, Turkish, Vietnamese, Italian, Thai, Polish, Ukrainian, Dutch, Persian, Hebrew, Malay, Romanian, Czech, Swedish, Hungarian, Greek, Danish, and Finnish.
API Reference
Enterprise customers have access to our REST API for programmatic report generation.
API documentation is available in your dashboard after upgrading to an Enterprise plan. Contact [email protected] to learn more.
Integrations
See our Integrations page for a complete list of supported security tools and import formats.