Template - Tags
UPDATED: Please head over to our new GitHub Support Site for help, examples, tips and tricks: https://github.com/AttackForge/ReportGen
!IMPORTANT: The tags listed below are NOT an exhaustive list of all available tags. For up to date list, we recommend using the $help function - see https://github.com/AttackForge/ReportGen/issues/18.
Accessing Parents
To access parent objects - please visit Tips & Tricks
Tags for Individual Reports
{@pageBreak} - adds a page break.
{data} - provides access to the root data file.
{#projectCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#projectCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{projectName} - name of the project
{projectCode} - project code
{projectGroups} - details for each linked Group
{name} - name of the group
{timestamp} - timestamp for when JSON report was downloaded
{#statusUpdates} - details for each project status update e.g. when project goes on-hold or off-hold
{status} - e.g. 'On-Hold' or 'Off-Hold'
{note} - reason why project was on-hold or off-hold
{created} - timestamp when project went on-hold or off-hold
{totalUniqueVulnerabilities} - total unique vulnerabilities on the project
{totalCriticalVulns} - total unique critical vulnerabilities on the project
{totalHighVulns} - total unique high vulnerabilities on the project
{totalMediumVulns} - total unique medium vulnerabilities on the project
{totalLowVulns} - total unique low vulnerabilities on the project
{totalInfoVulns} - total unique informational vulnerabilities on the project
{totalZeroDayVulns} - total unique zero-day vulnerabilities on the project
{totalEasilyExploitableVulns} - total unique easily exploitable vulnerabilities on the project
{totalTestcases} - total test cases assigned to the project
{totalCompleted} - total completed test cases on the project
{totalInProgress} - total in-progress test cases on the project
{totalNotTested} - total not-tested test cases on the project
{totalNotApplicable} - total not applicable test cases on the project
{#execSummaryNotesHeading} - set a custom heading for the exec summary, auto disable if no exec summary on project
{#execSummaryNotes} - executive summary notes on the project
{execSummaryNotes} - exec summary notes
{%inlineScreenshot} - display exec summary screenshots
{caption} - text caption for the image
{@execSummaryNotesStyled} - executive summary notes on the project styled based on in-app WYSIWYG editor with inline images
{startDate} - test window start date for the project
{progress} - percentage of test cases actioned on the project
{endDate} - test window start date for the project
{projectDuration} - project duration in days i.e. difference between start & end dates
{totalVulns} - total vulnerabilities across all assets on the project
{totalCriticalVulnsAllAssets} - total critical vulnerabilities across all assets on the project
{totalHighVulnsAllAssets} - total high vulnerabilities across all assets on the project
{totalMediumVulnsAllAssets} - total medium vulnerabilities across all assets on the project
{totalLowVulnsAllAssets} - total low vulnerabilities across all assets on the project
{totalInfoVulnsAllAssets} - total informational vulnerabilities across all assets on the project
{totalFixedVulns} - total fixed/closed vulnerabilities across all assets on the project
{totalRetestingVulns} - total vulnerabilities flagged as retesting across all assets on the project
{totalNotFixedVulns} - total not fixed/open vulnerabilities across all assets on the project
{#assets} - list of all assets on the project
{.} - name of each asset
{#assetsDetails} - details for all assets (if using Assets module)
{id} - id for the asset on the project
{name} - name of the asset on the project
{library_id} - id for the asset in the library
{library_created} - created timestamp for asset in the library
{library_updated} - updated timestamp for asset in the library
{library_name} - name of the asset in the library
{type} - type of asset
{external_id} - external id for the asset
{details} - details for the asset
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#projectTeam} - list of all project team members
{.} - name of each project team member
{#retestingHistory} - list of all rounds of retesting requested & completed on the project
{retesting_round} - e.g. 1, 2, 3, etc.
{retesting_round_status} - whether the retest round was Requested or Completed
{retesting_custom_round_name} - custom round name (optional)
{retesting_custom_status_name} - custom status name (optional)
{retesting_round_actioned_by} - name of person who requested or completed the round of retesting
{created} - date when round of retest was requested or completed
{#vulnerabilities} - list of all vulnerabilities requested / completed on the round of retesting
{vulnerability} - name of the vulnerability
{vulnerability_alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{#vulnerability_details}
{#vulnerabilityCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within ReportGen Reports
{#vulnerabilityCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{title} - title of the vulnerability
{priority} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info
{remediation_status} - either Open or Closed. Only Closed if all affected assets are also Closed.
{description} - description of the vulnerability
{@description_styled} - description of the vulnerability styled based on in-app WYSIWYG editor
{attack_scenario} - attack scenario for the vulnerability
{@attack_scenario_styled} - description of the vulnerability styled based on in-app WYSIWYG editor
{remediation_recommendation} - remediation recommendation for the vulnerability
{@remediation_recommendation_styled} - remediation recommendation for the vulnerability styled based on in-app WYSIWYG editor
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{testcases} - list of all the linked test cases to the vulnerability
{#tags} - list of all tags
{.} - tag
{#affected_asset} - details for the affected asset - see {#assetVulnerabilityMapping} - {asset}
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#assets_equally_affected_title} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED
{#assets_equally_affected} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above.
{.} - asset name
{#assets_equally_affected_full_details} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above.
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#affected_assets} - list of all affected assets for this vulnerability
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#assets_equally_affected_title} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED
{#assets_equally_affected} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above.
{.} - asset name
{#assets_equally_affected_full_details} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above.
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#evidence} - list of all evidence files uploaded to the vulnerabilities for each affected asset. De-duplication is performed to remove images which have already been displayed in the in-line screenshots
{%fileBase64} - display image (if evidence type is of image format)
{fileName} - name of the file uploaded
{caption} - caption for the file (optional)
{#vulnerabilitiesNotTested} - list of all vulnerabilities not retested on the round of retesting
{vulnerability} - name of the vulnerability
{vulnerability_alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{#vulnerability_details}
{#vulnerabilityCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within ReportGen Reports
{#vulnerabilityCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{title} - title of the vulnerability
{priority} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info
{remediation_status} - either Open or Closed. Only Closed if all affected assets are also Closed.
{description} - description of the vulnerability
{@description_styled} - description of the vulnerability styled based on in-app WYSIWYG editor
{attack_scenario} - attack scenario for the vulnerability
{@attack_scenario_styled} - description of the vulnerability styled based on in-app WYSIWYG editor
{remediation_recommendation} - remediation recommendation for the vulnerability
{@remediation_recommendation_styled} - remediation recommendation for the vulnerability styled based on in-app WYSIWYG editor
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{testcases} - list of all the linked test cases to the vulnerability
{#tags} - list of all tags
{.} - tag
{#affected_asset} - details for the affected asset - see {#assetVulnerabilityMapping} - {asset}
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#assets_equally_affected_title} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED
{#assets_equally_affected} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above.
{.} - asset name
{#assets_equally_affected_full_details} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above.
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#affected_assets} - list of all affected assets for this vulnerability
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#assets_equally_affected_title} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED
{#assets_equally_affected} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above.
{.} - asset name
{#assets_equally_affected_full_details} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above.
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#evidence} - list of all evidence files uploaded to the vulnerabilities for each affected asset. De-duplication is performed to remove images which have already been displayed in the in-line screenshots
{%fileBase64} - display image (if evidence type is of image format)
{fileName} - name of the file uploaded
{caption} - caption for the file (optional)
{#projectNotes} - list of all exportable project notes
{modified} - contains date when note was last created or last updated
{note} - contains note
{notes_raw} - details for note in RAW HTML format (verbatim)
{@notes_styled} - note styled based on in-app WYSIWYG editor with inline images
{#criticalVulns} - list of all critical vulnerabilities & statistics for affected assets. You can also use {#highVulns}; {#mediumVulns}; {#lowVulns}; and {#infoVulns} to access details for vulnerabilities in each of the priority categories.
{retest_status} - contains status whether vulnerability is Fixed or Not Fixed. A vulnerability is only considered Fixed if ALL affected assets are also fixed/closed.
{title} - title of the vulnerability
{total_affected_assets} - total number of affected assets
{total_affected_assets_fixed} - total number of affected assets which are fixed / closed
{total_affected_assets_retesting} - total number of affected assets which are flagged for retesting
{total_affected_assets_not_fixed} - total number of affected assets which not fixed / open
{#attackchains} - list of all attack chains on the project
{title} - attack objective
{#links} - contains details for all links in the chain
{%icon} - icon displayed for the link in the chain
{type} - type of link e.g. Action, Vulnerability, Flag etc.
{description} - details for the link in the chain
{discovered} - details for when the vulnerability was discovered and by whom
{#vulnerabilities} - list of all the vulnerabilities on the project. You can also use {#criticalVulnerabilities}; {#highVulnerabilities}; {#mediumVulnerabilities}; {#lowVulnerabilities}; and {#infoVulnerabilities} to access details for vulnerabilities in each of the priority categories.
{#vulnerabilityCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#vulnerabilityCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{title} - title of the vulnerability
{priority} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info
{remediation_status} - either Open or Closed. Only Closed if all affected assets are also Closed.
{description} - description of the vulnerability
{@description_styled} - description of the vulnerability styled based on in-app WYSIWYG editor
{attack_scenario} - attack scenario for the vulnerability
{@attack_scenario_styled} - description of the vulnerability styled based on in-app WYSIWYG editor
{remediation_recommendation} - remediation recommendation for the vulnerability
{@remediation_recommendation_styled} - remediation recommendation for the vulnerability styled based on in-app WYSIWYG editor
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{testcases} - list of all the test cases linked to the vulnerability
{#tags} - list of all tags
{.} - tag
{#affected_assets} - list of all affected assets for this vulnerability
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{asset_library_created} - timestamp when asset was added to Assets module library. NOTE: requires tenant configuration with Assets module enabled.
{asset_library_id} - Assets module library id. NOTE: requires tenant configuration with Assets module enabled.
{asset_external_id} - user-defined external id for the asset. NOTE: requires tenant configuration with Assets module enabled.
{asset_type} - asset type e.g. Web App, API, Network, etc. NOTE: requires tenant configuration with Assets module enabled.
{asset_details} - asset details. NOTE: requires tenant configuration with Assets module enabled.
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#assets_equally_affected_title} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED
{#assets_equally_affected} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above.
{.} - asset name
{#assets_equally_affected_full_details} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above.
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{asset_library_created} - timestamp when asset was added to Assets module library. NOTE: requires tenant configuration with Assets module enabled.
{asset_library_id} - Assets module library id. NOTE: requires tenant configuration with Assets module enabled.
{asset_external_id} - user-defined external id for the asset. NOTE: requires tenant configuration with Assets module enabled.
{asset_type} - asset type e.g. Web App, API, Network, etc. NOTE: requires tenant configuration with Assets module enabled.
{asset_details} - asset details. NOTE: requires tenant configuration with Assets module enabled.
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#evidence} - list of all evidence files uploaded to the vulnerabilities for each affected asset. De-duplication is performed to remove images which have already been displayed in the in-line screenshots
{%fileBase64} - display image (if evidence type is of image format)
{fileName} - name of the file uploaded
{caption} - caption for the file (optional)
{#completedTestcases} - list of all completed test cases on the project. You can also access {#inProgressTestcases}; {#notTestedTestcases}; {#notApplicableTestcases}; {#passedTestcases}; {#failedTestcases}; {#remediatedTestcases} and {#abuseCases} to get details on test cases and their linked vulnerabilities.
{is_failed} - default is No. If at least one vulnerability is linked to the test case, value will be Yes.
{is_remediated} - default is Not Applicable. If at least one vulnerability is linked to the test case and is Open, value will be No. If all vulnerabilities linked to the test case are Closed, value will be Yes.
{remediation_status} - default is Passed. If at least one vulnerability is linked to the test case and is Open, value will be Failed. If all vulnerabilities linked to the test case are Closed, value will be Remediated.
{tags} - list of all tags presented as a string
{title} - test case details
{modified} - date stamp when test case was created or last modified
{modifiedBy} - user that created or last last modified the test case
{testcase_code} - code assigned to the test case.
{testsuite_name} - name of the associated test suite.
{testsuite_code} - code of the associated test suite.
{#notes} - list of all notes assigned to the test case
{modified} - date stamp when notes was created or last modified
{modifiedBy} - user that created or last modified the note
{note} - note details
{#evidence} - list of all evidence uploaded to the test case
{fileName} - name of the file for the evidence uploaded
{%fileBase64} - display image (if evidence type is of image format)
{caption} - text caption for the image
{#linked_vulnerabilities}
{#vulnerabilityCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#vulnerabilityCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{title} - title of the vulnerability
{priority} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info
{remediation_status} - either Open or Closed. Only Closed if all affected assets are also Closed.
{description} - description of the vulnerability
{@description_styled} - description of the vulnerability styled based on in-app WYSIWYG editor
{attack_scenario} - attack scenario for the vulnerability
{@attack_scenario_styled} - description of the vulnerability styled based on in-app WYSIWYG editor
{remediation_recommendation} - remediation recommendation for the vulnerability
{@remediation_recommendation_styled} - remediation recommendation for the vulnerability styled based on in-app WYSIWYG editor
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{testcases} - list of all the linked test cases to the vulnerability
{#tags} - list of all tags
{.} - tag
{#affected_assets} - list of all affected assets for this vulnerability
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{asset_library_created} - timestamp when asset was added to Assets module library. NOTE: requires tenant configuration with Assets module enabled.
{asset_library_id} - Assets module library id. NOTE: requires tenant configuration with Assets module enabled.
{asset_external_id} - user-defined external id for the asset. NOTE: requires tenant configuration with Assets module enabled.
{asset_type} - asset type e.g. Web App, API, Network, etc. NOTE: requires tenant configuration with Assets module enabled.
{asset_details} - asset details. NOTE: requires tenant configuration with Assets module enabled.
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#assets_equally_affected_title} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED
{#assets_equally_affected} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above.
{.} - asset name
{#assets_equally_affected_full_details} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above.
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{asset_library_created} - timestamp when asset was added to Assets module library. NOTE: requires tenant configuration with Assets module enabled.
{asset_library_id} - Assets module library id. NOTE: requires tenant configuration with Assets module enabled.
{asset_external_id} - user-defined external id for the asset. NOTE: requires tenant configuration with Assets module enabled.
{asset_type} - asset type e.g. Web App, API, Network, etc. NOTE: requires tenant configuration with Assets module enabled.
{asset_details} - asset details. NOTE: requires tenant configuration with Assets module enabled.
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#evidence} - list of all evidence files uploaded to the vulnerabilities for each affected asset. De-duplication is performed to remove images which have already been displayed in the in-line screenshots
{%fileBase64} - display image (if evidence type is of image format)
{fileName} - name of the file uploaded
{caption} - caption for the file (optional)
{#vulnerabilityAssetMapping} - list of all vulnerabilities mapped to their affected assets
{priority} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info
{vulnerability} - vulnerability title
{#assets} - list of all affected assets
{status} - remediation status e.g. Fixed / Not Fixed
{asset} - asset name
{#assetVulnerabilityMapping} - list of all assets on the project mapped to their vulnerabilities
{asset} - asset name
{#vulnerabilities} - list of all vulnerabilities the asset is affected by
{vulnerability} - vulnerability title
{priority} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info
{status} - remediation status e.g. Fixed / Not Fixed
{#vulnerabilityDetails}
{#vulnerabilityCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within ReportGen Reports
{#vulnerabilityCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{title} - title of the vulnerability
{priority} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info
{remediation_status} - either Open or Closed. Only Closed if all affected assets are also Closed.
{description} - description of the vulnerability
{@description_styled} - description of the vulnerability styled based on in-app WYSIWYG editor
{attack_scenario} - attack scenario for the vulnerability
{@attack_scenario_styled} - description of the vulnerability styled based on in-app WYSIWYG editor
{remediation_recommendation} - remediation recommendation for the vulnerability
{@remediation_recommendation_styled} - remediation recommendation for the vulnerability styled based on in-app WYSIWYG editor
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{testcases} - list of all the linked test cases to the vulnerability
{#tags} - list of all tags
{.} - tag
{#affected_asset} - details for the affected asset - see {#assetVulnerabilityMapping} - {asset}
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#assets_equally_affected_title} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED
{#assets_equally_affected} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above.
{.} - asset name
{#assets_equally_affected_full_details} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above.
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{asset_library_created} - timestamp when asset was added to Assets module library. NOTE: requires tenant configuration with Assets module enabled.
{asset_library_id} - Assets module library id. NOTE: requires tenant configuration with Assets module enabled.
{asset_external_id} - user-defined external id for the asset. NOTE: requires tenant configuration with Assets module enabled.
{asset_type} - asset type e.g. Web App, API, Network, etc. NOTE: requires tenant configuration with Assets module enabled.
{asset_details} - asset details. NOTE: requires tenant configuration with Assets module enabled.
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#affected_assets} - list of all affected assets for this vulnerability
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project setting
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#assets_equally_affected_title} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED
{#assets_equally_affected} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above.
{.} - asset name
{#assets_equally_affected_full_details} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above.
{#assetCustomTags} - you can define & use custom tags in ReportGen. For more details check out Creating Custom Tags within Individual Reports
{#assetCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{#assetLibraryCustomFields} - you can define & use custom fields in AttackForge. For more details check out Creating Custom Fields & Forms
{sla} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options.
{release_date} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options.
{target_remediation_date} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options.
{alternate_id} - user-friendly id associated with the vulnerability, set via project settings
{asset} - asset name
{#assets} - details for grouped assets on the vulnerability
{name} - asset name
{actioned} - whether asset has been actioned or not
{#components} - affected components on the asset
{name} - component name
{#notes} - notes on the component
{.} - note
{#tags} - tags on the component
{.} - tag
{#notes} - notes on the asset
{.} - note
{#tags} - tags on the asset
{.} - tag
{asset_library_created} - timestamp when asset was added to Assets module library. NOTE: requires tenant configuration with Assets module enabled.
{asset_library_id} - Assets module library id. NOTE: requires tenant configuration with Assets module enabled.
{asset_external_id} - user-defined external id for the asset. NOTE: requires tenant configuration with Assets module enabled.
{asset_type} - asset type e.g. Web App, API, Network, etc. NOTE: requires tenant configuration with Assets module enabled.
{asset_details} - asset details. NOTE: requires tenant configuration with Assets module enabled.
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open / Ready for Retest on <DATE> / Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{caption} - text caption for the image
{@proof_of_concept_styled} - proof of concept styled based on in-app WYSIWYG editor with inline images
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0
{cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#evidence} - list of all evidence files uploaded to the vulnerabilities for each affected asset. De-duplication is performed to remove images which have already been displayed in the in-line screenshots
{%fileBase64} - display image (if evidence type is of image format)
{fileName} - name of the file uploaded
{caption} - caption for the file (optional)
Tags for Combined Reports
!IMPORTANT: To test your combined reports, simply select multiple JSON files on the 'Select Your JSON File' step when using the ReportGen browser tool.
{@pageBreak} - adds a page break.
{#projectName} - list of all projects combined in the report
{.} - name of the project
{#projectCode} - list of all project codes for all projects combined in the report
{.} - project code
{timestamp} - timestamp for when this report was created
{totalUniqueVulnerabilities} - total unique vulnerabilities across all projects
{totalCriticalVulns} - total unique critical vulnerabilities across all projects
{totalHighVulns} - total unique high vulnerabilities across all projects
{totalMediumVulns} - total unique medium vulnerabilities across all projects
{totalLowVulns} - total unique low vulnerabilities across all projects
{totalInfoVulns} - total unique informational vulnerabilities across all projects
{totalZeroDayVulns} - total unique zero-day vulnerabilities across all projects
{totalEasilyExploitableVulns} - total unique easily exploitable vulnerabilities across all projects
{#execSummaryNotes} - list of all executive summary's across all projects
{project} - name of the project
{notes} - executive summary notes on the project
{#testWindow} - list of all test windows and progress across all projects
{project} - name of the project
{startDate} - test window start date for the project
{progress} - percentage of test cases actioned on the project
{endDate} - test window start date for the project
{totalVulns} - total vulnerabilities across all assets across all projects
{totalCriticalVulnsAllAssets} - total critical vulnerabilities across all assets across all projects
{totalHighVulnsAllAssets} - total high vulnerabilities across all assets across all projects
{totalMediumVulnsAllAssets} - total medium vulnerabilities across all assets across all projects
{totalLowVulnsAllAssets} - total low vulnerabilities across all assets across all projects
{totalInfoVulnsAllAssets} - total informational vulnerabilities across all assets across all projects
{#assets} - list of all assets on the project
{name} - name of each asset
{project} - name of the project
{#projectTeam} - list of all project team members
{name} - name of each project team member
{project} - name of the project
{#retestingHistory} - list of all rounds of retesting requested & completed on the project
{retesting_round_status} - whether the retest round was Requested or Completed
{retesting_round_actioned_by} - name of person who requested or completed the round of retesting
{created} - date when round of retest was requested or completed
{project} - name of the project
{#vulnerabilities} - list of all vulnerabilities requested / completed on the round of retesting
{vulnerability} - contains name of the vulnerability
{#projectNotes} - list of all exportable project notes
{project} - name of the project
{modified} - contains date when note was last created or last updated
{note} - contains note
{#criticalVulns} - list of all critical vulnerabilities & statistics for affected assets across all projects
{title} - title of the vulnerability
{total_affected_assets} - total number of affected assets
{#highVulns} - list of all high vulnerabilities & statistics for affected assets across all projects
{title} - title of the vulnerability
{total_affected_assets} - total number of affected assets
{#mediumVulns} - list of all medium vulnerabilities & statistics for affected assets across all projects
{title} - title of the vulnerability
{total_affected_assets} - total number of affected assets
{#lowVulns} - list of all low vulnerabilities & statistics for affected assets across all projects
{title} - title of the vulnerability
{total_affected_assets} - total number of affected assets
{#infoVulns} - list of all critical vulnerabilities & statistics for affected assets across all projects
{title} - title of the vulnerability
{total_affected_assets} - total number of affected assets
{#attackchains} - list of all attack chains across all projects
{title} - attack objective
{#links} - contains details for all links in the chain
{%icon} - icon displayed for the link in the chain
{type} - type of link e.g. Action, Vulnerability, Flag etc.
{description} - details for the link in the chain
{discovered} - details for when the vulnerability was discovered and by whom
{#vulnerabilities} - list of all the vulnerabilities across all projects
{title} - title of the vulnerability
{priority} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info
{remediation_status} - either Open or Closed. Only Closed if all affected assets are also Closed.
{description} - description of the vulnerability
{@description_styled} - description of the vulnerability styled based on in-app WYSIWYG editor
{attack_scenario} - attack scenario for the vulnerability
{@attack_scenario_styled} - description of the vulnerability styled based on in-app WYSIWYG editor
{remediation_recommendation} - remediation recommendation for the vulnerability
{@remediation_recommendation_styled} - remediation recommendation for the vulnerability styled based on in-app WYSIWYG editor
{cvssv3_vector} - includes the CVSS v3.1 vector string e.g. /AV/...
{cvssv3_base_score} - includes the CVSS v3.1 base score e.g. 10.0 {cvssv3_temporal_score} - includes the CVSS v3.1 temporal score e.g. 10.0
{cvssv3_environmental_score} - includes the CVSS v3.1 environmental score e.g. 10.0
{#tags} - list of all tags
{.} - tag
{#affected_assets} - list of all affected assets for this vulnerability
{asset} - asset name
{remediation_status} - includes the remediation status of the vulnerability for the affected asset e.g. Open or Closed on <DATE>
{#remediation_notes} - list of all remediation notes for this affected asset
{created} - date stamp when remediation note was created
{note} - remediation note details
{#notes} - list of all notes for this affected asset
{note} - note details
{%inlineScreenshot} - display inline images where they are included in the note
{#proof_of_concept} - details for proof of concept / steps to reproduce
{text} - proof of concept / steps to reproduce
{%inlineScreenshot} - display inline images where they are included in the note
{#proof_of_concept_raw} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim).
{#assets_equally_affected_title} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED
{#assets_equally_affected} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof_of_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above.
{.} - asset name
{#evidence} - list of all evidence files uploaded to the vulnerabilities for each affected asset. De-duplication is performed to remove images which have already been displayed in the in-line screenshots
{%fileBase64} - display image (if evidence type is of image format)
{fileName} - name of the file uploaded
{#vulnerabilityAssetMapping} - list of all vulnerabilities mapped to their affected assets
{priority} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info
{vulnerability} - vulnerability title
{#assets} - list of all affected assets
{status} - remediation status e.g. Fixed / Not Fixed
{asset} - asset name
{#assetVulnerabilityMapping} - list of all assets across all projects mapped to their vulnerabilities
{asset} - asset name
{#vulnerabilities} - list of all vulnerabilities the asset is affected by
{vulnerability} - vulnerability title
{priority} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info
{status} - remediation status e.g. Fixed / Not Fixed
Last updated