Reading a Vortex report

Every Vortex scan produces a report. While the scan runs, the report page shows live progress; when it finishes, the report becomes the place where you triage, act on, and share what was found.

You can reach any report in two ways: from the report history list (every scan you’ve run for a target) or by opening a single report directly.

At the top of an Analog or API report you’ll find an overview tile summarizing the scan — what was tested and how many findings turned up. Use it as the at-a-glance health check before you drill in.

Next to the overview is a severity breakdown — a donut chart showing how findings split across severity levels. It tells you where to spend attention first: a handful of highs usually matters more than a long tail of lows. See Severity & scoring for what each level means.

Below the charts is the findings list, grouped so related issues sit together — typically by weakness type (CWE), severity, or affected asset. Grouping keeps a report readable: instead of fifty near-identical entries you see one group you can expand.

Open a group to see the individual findings inside it.

Open any finding to see its full detail — the affected location, the evidence Vortex collected, severity, and guidance. This is where you decide what to do next; the per-finding actions (Fix with AI, Accept risk, Create Jira ticket) live here too. See Findings & accepting risk.

An AI pen-test report looks different. Instead of static charts up front, it presents a multi-phase timeline — Reconnaissance, Vulnerability Scanning, Exploitation, Reporting — with the phase indicator advancing as the scan proceeds. Alongside it runs the thought trail, a live log of the AI’s reasoning. Confirmed findings consolidate into the report as the scan reaches its Reporting phase.

When a report is complete, choose Export PDF to download it for sharing with stakeholders, auditors, or anyone outside the app. BestDefense generates a polished, self-contained compliance-style PDF and downloads it — named after the target and the date.

PDF export requires a paid Vortex plan and permission to view reports. If you don’t see the Export PDF button, either your plan needs an upgrade (check pricing in the app) or you lack the permission, in which case ask an administrator.

The export is a complete, audit-ready penetration test report, not just a list of findings. It includes:

  • A cover page and document control block (target, dates, classification).
  • A table of contents.
  • Executive summary — overall risk rating, severity distribution, and the top critical and high findings.
  • Scan scope and methodology — what was tested, the scan configuration and timing, scanner details, and scope limitations.
  • Risk summary — counts by severity and a CWE distribution.
  • Detailed findings — each finding with its evidence, affected location, and guidance.
  • Accepted risks — findings you’ve formally accepted, where applicable.
  • Remediation recommendations — AI-generated, per-finding suggestions with the root cause, step-by-step remediation, a priority, and an effort estimate.
  • Historical trend analysis — scan history and the delta from the previous scan, when prior scans exist.
  • Compliance framework mapping, where applicable.
  • Appendices — glossary, severity scale, scanner configuration, and the full affected-URL inventory.

If your organization uses white-label theming, the report is branded with your logo.