Available Variables
Project Variables
Section titled “Project Variables”List of project-related variables that can be used in the report template. For example {project.name} will display project
name used when creating a project on the platform.
| Variable | Type | Description |
|---|---|---|
project.id | number | Unique project identifier |
project.uuid | string | Project UUID |
project.name | string | Project name |
project.description | string | Project description |
project.start_at | string | Project start date/time |
project.end_at | string | Project end date/time |
project.type | string | Project type name |
project.scope_type | string | Project scope type (internal/external) |
project.targets | array | Project assessment targets |
project.out_of_scope | array | Project out of scope targets |
extra_fields | object | Additional custom fields |
Extra fields usage example:
{project.extra_fields[‘last_name’]}Client
Section titled “Client”| Variable | Type | Description |
|---|---|---|
client.id | number | Client identifier |
client.company_name | string | Client company name |
client.website | string | Client company’s wesbite |
client.contact_name | string | Client contact’s name |
client.contact_position | string | Client contact’s position |
client.contact_phone | string | Client contact’s phone |
client.contact_email | string | Client contact’s email |
client.address | string | Client company’s address |
client.city | string | Client company’s city |
client.country | string | Client company’s country |
client.industry | string | Client company’s industry |
extra_fields | object | Additional custom fields |
Extra fields usage example:
{client.extra_fields[‘last_name’]}Members
Section titled “Members”| Variable | Type | Description |
|---|---|---|
members | array | List of team members (excluding managers) |
members_all | array | List of all team members |
Member object:
| Field | Type | Description |
|---|---|---|
id | number | Member ID |
name | string | Member name |
email | string | Member email |
type | string | Member type |
certificates | string | Member certificates |
job_title | string | Member job title |
phone_number | string | Member phone number |
Targets
Section titled “Targets”| Variable | Type | Description |
|---|---|---|
targets | array | List of assessment targets |
out_of_scope | array | List of out of scope targets |
Target object:
| Field | Type | Description |
|---|---|---|
id | number | Target ID |
endpoint | string | Target endpoint |
note | string | Target note |
Usage exmaple:
{#targets}{endpoint} - {note}{/targets}{#out_of_scope}{endpoint} - {note}{/out_of_scope}For repeated per-subproject targets, use the subprojects array:
{#subprojects}{name}{#targets}{endpoint}{/targets}{/subprojects}Report
Section titled “Report”| Variable | Type | Description |
|---|---|---|
report.id | number | Report ID |
report.uuid | string | Report UUID |
report.title | string | Report title |
report.version | string | Report version |
report.created_at | string | Report creation date/time |
report.additional_fields | object | Additional custom fields |
report.executive_summary | string | Executive summary |
report.creator | string | Report creator |
project_types | array | Parent project and selected subproject types, with duplicates removed |
Additional fields usage example:
{report.additional_fields['Risk Raiting']}Conditional content based on project types:
Use arrayContains with project_types to show a block only when the report includes a specific project type:
{#report.title | arrayContains:project_types:'Project Type Name'}Content shown only when that project type is present.{/}Example:
{#report.title | arrayContains:project_types:'Web Application'}Web Application section{~~report.additional_fields['Web Application Executive Summary'] | addDefault:'Nothing provided'}{/}Creator object:
| Field | Type | Description |
|---|---|---|
id | number | Creator ID |
name | string | Creator name |
email | string | Creator email |
type | string | Creator type |
certificates | string | Creator certificates |
job_title | string | Creator job title |
phone_number | string | Member phone number |
Vulnerability Statistics
Section titled “Vulnerability Statistics”| Variable | Type | Description |
|---|---|---|
criticalCount | number | Number of critical findings |
highCount | number | Number of high findings |
mediumCount | number | Number of medium findings |
lowCount | number | Number of low findings |
infoCount | number | Number of informational findings |
criticalCvssCount | number | Number of critical CVSS findings |
highCvssCount | number | Number of high CVSS findings |
mediumCvssCount | number | Number of medium CVSS findings |
lowCvssCount | number | Number of low CVSS findings |
infoCvssCount | number | Number of informational CVSS findings |
findingsTotalCount | number | Total number of findings |
Vulnerabilities
Section titled “Vulnerabilities”| Variable | Type | Description |
|---|---|---|
vulnerabilities | array | List of vulnerabilities |
Vulnerability object:
| Field | Type | Description |
|---|---|---|
id | number | Vulnerability ID |
uuid | string | Vulnerability UUID |
title | string | Vulnerability title |
description | string | Vulnerability description |
poc | string | Proof of concept |
risks | string | Risks associated |
remediation | string | Remediation steps |
remediation_stage | string | Remediation stage (Not Remediated, Requested, Retesting, Remediated, Partial) |
cvss | string | CVSS vector |
cvss_score | number | CVSS base score |
probability | string | Probability rating |
impact | string | Impact rating |
has_affected_hosts | bool | True if affected hosts exist |
affected_hosts | array | List of affected hosts |
categories | array | List of category objects |
categories_text | string | Comma-separated category names |
categories_text_ids | string | Category IDs (one per line) |
categories_ids | array | Array of category IDs |
cvss_risk | string | Risk level based on CVSS score |
extra_fields | object | Additional custom fields |
risk | string | Criticality rating |
cvssRisk | string | Risk level based on CVSS score |
redBackground | object | Cell background color info |
assessment_domain | string | Assessment domain name |
order_id | number | Order index in report |
http_excerpts | string | Vulnerability HTTP Excerpts |
has_comments | bool | True if comments exist |
comments | array | List of comments |
Extra fields usage example:
{#vulnerabilities}{extra_fields['OWASP Context']}{/vulnerabilities}Affected host object:
| Field | Type | Description |
|---|---|---|
id | number | Host ID |
endpoint | string | Host endpoint |
note | string | Host note |
Category object:
| Field | Type | Description |
|---|---|---|
id | number | Category ID |
name | string | Category name |
Comments object:
| Field | Type | Description |
|---|---|---|
id | number | Comment ID |
commentator | string | Commentator name |
text | string | Comment text/content |
created_at | string | Comment creation date/time |
Linking to vulnerability sections
Section titled “Linking to vulnerability sections”DOCX templates can create internal links between vulnerability lists and their matching vulnerability sections. Links and targets are matched using the vulnerability UUID and an optional target name.
Basic link:
Create the destination:
{#vulnerabilities}{findingTarget}{title}{~~description}{/vulnerabilities}Create a link to it:
{#vulnerabilities}{findingLinkStart}{title}{findingLinkEnd}{/vulnerabilities}Each generated link points to the matching vulnerability based on its UUID.
Named targets:
Use named targets when the template contains multiple destination sections, such as detailed findings and an appendix.
Details table:
{#vulnerabilities}{findingLinkStart:details}{title}{findingLinkEnd}{/vulnerabilities}Appendix table:
{#vulnerabilities}{findingLinkStart:appendix}{order_id}. {title}{findingLinkEnd}{/vulnerabilities}Details section:
{#vulnerabilities}{findingTarget:details}{title}{~~description}{/vulnerabilities}Appendix section:
{#vulnerabilities}{findingTarget:appendix}{title}{~~poc}{/vulnerabilities}A named link must use the same name as its target:
{findingLinkStart:details}{findingTarget:details}Any number of links can point to the same target. Each vulnerability is matched independently using its UUID.
Marker reference:
| Marker | Description |
|---|---|
{findingTarget} | Creates the default destination for the current vulnerability |
{findingTarget:name} | Creates a named destination |
{findingLinkStart} | Starts a link to the default destination |
{findingLinkStart:name} | Starts a link to a named destination |
{findingLinkEnd} | Ends the clickable content |
Rules:
- Link start and end markers must be in the same Word paragraph or table-cell paragraph.
- Named links and targets must use exactly the same name.
- Target names must start with a letter.
- Target names may contain letters, numbers, underscores, and hyphens.
- Place markers inside a scope containing the vulnerability UUID, normally a
{#vulnerabilities}loop. - Each target name should occur only once per vulnerability.
- Multiple links may point to the same target.
- Word paragraph styles do not affect links or targets.
Parent Project
Section titled “Parent Project”The parentProject object contains the parent project details and only findings belonging directly to the parent project.
| Variable | Type | Description |
|---|---|---|
parentProject.id | number | Parent project ID |
parentProject.uuid | string | Parent project UUID |
parentProject.name | string | Parent project name |
parentProject.description | string | Parent project description |
parentProject.start_at | string | Parent project start date |
parentProject.end_at | string | Parent project end date |
parentProject.types | array | Parent project types |
parentProject.type | string | Primary project type |
parentProject.scope_type | string | Project scope type |
parentProject.extra_fields | object | Project custom fields |
parentProject.targets | array | Parent project assessment targets |
parentProject.out_of_scope | array | Parent project out of scope targets |
parentProject.vulnerabilities | array | Selected findings belonging directly to the parent project |
Usage example:
{parentProject.name}
{#parentProject.vulnerabilities}{order_id}. {title}{/parentProject.vulnerabilities}The vulnerability objects contain the same fields documented in the Vulnerabilities section. Their order_id starts at 1 within the parent project list.
Subprojects
Section titled “Subprojects”The subprojects array contains subprojects that have at least one selected finding. Each subproject contains its project details, targets, out of scope targets, and selected vulnerabilities.
| Variable | Type | Description |
|---|---|---|
subprojects | array | Subprojects containing selected findings |
Subproject object:
| Field | Type | Description |
|---|---|---|
id | number | Subproject ID |
uuid | string | Subproject UUID |
name | string | Subproject name |
description | string | Subproject description |
start_at | string | Subproject start date |
end_at | string | Subproject end date |
types | array | Subproject types |
type | string | Primary project type |
scope_type | string | Subproject scope type |
extra_fields | object | Subproject custom fields |
targets | array | Selected targets belonging to the subproject |
out_of_scope | array | Out of scope targets belonging to the subproject |
vulnerabilities | array | Selected findings belonging to the subproject |
Usage example:
{#subprojects}{name}
{#vulnerabilities}{order_id}. {title}{/vulnerabilities}{/subprojects}Subproject targets example:
{#subprojects}{name}
In scope:{#targets}{endpoint}{/targets}
Out of scope:{#out_of_scope}{endpoint}{/out_of_scope}{/subprojects}Only subprojects represented by selected findings are included. Vulnerability order_id values start at 1 within each subproject.
Manager
Section titled “Manager”| Variable | Type | Description |
|---|---|---|
manager.id | number | Manager ID |
manager.name | string | Manager name |
manager.email | string | Manager email |
| Variable | Type | Description |
|---|---|---|
report_date | string | Date of report generation |