Skip to main content
LaunchSafe generates comprehensive security assessment reports after every scan. Reports are designed to serve two audiences: developers who need to fix the issues, and stakeholders who need to understand the risk posture.

Report formats

PDF report

A professional, shareable penetration-test document suitable for:
  • Sharing with leadership and stakeholders
  • Supporting evidence for compliance and audits
  • Client-facing security assessments
The PDF includes an executive summary, severity breakdown, and detailed findings with evidence — generated straight from your browser, so you can save or print it on demand.

JSON report

The complete report as structured JSON, suitable for:
  • Feeding findings into your own tools and dashboards
  • Archiving machine-readable results
  • Custom automation and processing

SARIF

Findings in the Static Analysis Results Interchange Format — the industry standard supported by GitHub code scanning and many security tools. Use SARIF to:
  • Surface LaunchSafe findings directly in GitHub Security
  • Import results into SARIF-compatible dashboards
  • Integrate with your existing security tooling
All three formats are available from the Reports section after a scan completes.

Report contents

Every report includes the following sections: Executive summary A high-level overview for non-technical stakeholders: total findings by severity, overall risk assessment, scan scope, and key recommendations. Written in plain language without technical jargon. Scan metadata Target information, scan type, modules executed, start/end times, scan duration, and scan configuration. Provides full traceability for audit purposes. Severity distribution Visual breakdown of findings by severity level. The PDF report presents this as a chart; the JSON and SARIF formats include the same counts as structured data. Detailed findings Each finding with:
  • Title, severity, and CVSS score
  • Category (CWE classification)
  • Detailed technical description
  • Evidence (sanitized request/response pairs, code snippets, data flow traces)
  • Step-by-step remediation guidance with code examples
  • External references (CWE, OWASP, CVE links)
Remediation priorities An ordered list of what to fix first, based on a combination of severity, exploitability, and business impact. Designed to be actionable — a developer can use this list as their sprint plan.

Accessing reports

Reports are generated automatically when a scan completes. Access them from:
  1. Reports page — click Reports in the sidebar to see all generated reports
  2. Scan detail page — click the Reports button in the scan header after completion

Sharing and compliance

Reports are scoped to your workspace — only authenticated workspace members can access them. LaunchSafe follows responsible disclosure practices and will never publish or share your reports with third parties without written consent. For compliance purposes, reports include:
  • Unique report identifier for audit trail
  • Timestamp and scan configuration for reproducibility
  • CVSS v3.1 scores following FIRST standards
  • CWE identifiers for vulnerability classification
  • Evidence that can be independently verified
Reports are retained for the duration of your active subscription. After account termination, reports are deleted within 30 days.