We know that security reports aren't consumed by security professionals and technical developers exclusively, it's possible you'll be wanting to share them with prospective customers or auditors too.

With that in mind, you'll find a high-level overview on the first page:

And a detailed inventory of all the issues, along with a description of the issue and appropriate remediation advice.

Our reports include a summary of the checks run, so the reader can clearly see what kind of security testing is in place.

Intruder doesn't conduct audits, but our reports can be used to support audits or security standards, where a proof of vulnerability scanning is required. Many of our clients use our reports for a range of standards, including but not limited to:

That said, we would always recommend checking with your auditor, to ensure that our reports satisfies their specific requirements.

It's also worth noting that we integrate with Drata, which can streamline and simplify your compliance process (if that's a concern or need).

The automated tool produces vulnerability scan reports; if you're after a pentest report, you may need to commission a manual penetration test - which is a bespoke service we offer on an ad-hoc basis to users with an active subscription.

If asked to provide a pentest report by a third party, we always recommend seeking clarification of requirements and expectations first. Reason being, we find that clients aren't always sure of what they need and so "a penetration test" is their default ask, when in actual fact a vulnerability report would suffice.

If they're unsure, you could always sign-up to the tool, run a scan and share the automated report with the third party. Alternatively, we have an article dedicated to explaining the difference between these two tests and another article which covers all the different plans and services we offer.