Skip to main content

Submitting a report as a Pentester

Learn how to submit a report on the platform as a pentester

Updated over a week ago

How to submit a report

ℹ️You must have been invited as a pentester to submit a report on a Pentest campaign.

  • Log in to your account

  • Go to “My programs”

  • Click on the View program” button of a pentest campaign

  • Click on “Submit report”

  • Fill in “Bug details” fields that contain all the important metadata related to this vulnerability

  • Choose the value of each metric to define the CVSS score of a submitted vulnerability

  • Describe the vulnerability, how can it be exploited, and how it can be remediated

  • Attach images and videos to your report (optional)

  • Click on the checkbox to chain the bug to another (optional)

  • Click on “Submit”

  • Your report is now submitted and available in the “Reports” tab

Possible actions on a submitted report

  • Go to “Reports”

  • Click on one of your reports

Edit a submitted report

As a pentester, you are able to change the bug description, report details, or the CVSS score of all submitted reports.

ℹ️When partitioning is enabled, pentesters can only edit the reports they have submitted.

  • Click on “Edit”(pencil icons)

  • Click on “Save”

Export the report

It is possible to export a single report in CSV, XLS, JSON, or PDF.

  • Click on “Export”

  • Choose a format in the drop down menu

  • A new file is now available in your downloads folder

Send comments to the team

  • Go to “Actions”

  • Click on “Add comment”

  • Write a comment. Markdown is supported and can be previewed with the dedicated “Preview” tab

  • Click on “Post comment”

ℹ️ You can edit and comment all vulnerability reports from a Pentest campaign, even if they were submitted by other pentesters.

Discard a report

It is possible for a pentester to discard a report they have written. The report will be set to “Auto Close”.

  • Click on the “Discard my report” tab to remove a vulnerability report

  • This report will be automatically classified as Auto Close

⚠️ Auto close reports won’t be completely removed from the vulnerability center and will appear in the final report as an unfixed vulnerability.

Therefore, it is recommended to keep that report and fully edit it with a completely new vulnerability , rather than discarding the report and creating a new one.

Related Articles
How to generate & customise a final pentest report
Manage your pentest campaigns
Pentest report management
Pentest reports templates
Vulnerability Reports
Did this answer your question?