# Template - Tags > UPDATED: Please head over to our new GitHub Support Site for help, examples, tips and tricks: > **!IMPORTANT: The tags listed below are NOT an exhaustive list of all available tags. For up to date list, we recommend using the $help function - see** [**https://github.com/AttackForge/ReportGen/issues/18**](https://github.com/AttackForge/ReportGen/issues/18)**.** ## **Accessing Parents** To access parent objects - please visit [Tips & Tricks](https://support.attackforge.com/attackforge-enterprise/modules/reporting/tips-and-tricks#accessing-parents) ## **Tags for Individual Reports** * {**@pageBreak**} - adds a page break. * {**data**} - provides access to the root data file. * {**#projectCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#projectCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**projectName**} - name of the project * {**projectCode**} - project code * {**projectGroups**} - details for each linked Group * {**name**} - name of the group * {**timestamp**} - timestamp for when JSON report was downloaded * {**#statusUpdates**} - details for each project status update e.g. when project goes on-hold or off-hold * {**status**} - e.g. 'On-Hold' or 'Off-Hold' * {**note**} - reason why project was on-hold or off-hold * {**created**} - timestamp when project went on-hold or off-hold * {**totalUniqueVulnerabilities**} - total unique vulnerabilities on the project * {**totalCriticalVulns**} - total unique critical vulnerabilities on the project * {**totalHighVulns**} - total unique high vulnerabilities on the project * {**totalMediumVulns**} - total unique medium vulnerabilities on the project * {**totalLowVulns**} - total unique low vulnerabilities on the project * {**totalInfoVulns**} - total unique informational vulnerabilities on the project * {**totalZeroDayVulns**} - total unique zero-day vulnerabilities on the project * {**totalEasilyExploitableVulns**} - total unique easily exploitable vulnerabilities on the project * {**totalTestcases**} - total test cases assigned to the project * {**totalCompleted**} - total completed test cases on the project * {**totalInProgress**} - total in-progress test cases on the project * {**totalNotTested**} - total not-tested test cases on the project * {**totalNotApplicable**} - total not applicable test cases on the project * {**#execSummaryNotesHeading**} - set a custom heading for the exec summary, auto disable if no exec summary on project * {**#execSummaryNotes**} - executive summary notes on the project * {**execSummaryNotes**} - exec summary notes * {**%inlineScreenshot**} - display exec summary screenshots * {**caption**} - text caption for the image * {**@execSummaryNotesStyled**} - executive summary notes on the project styled based on in-app WYSIWYG editor with inline images * {**startDate**} - test window start date for the project * {**progress**} - percentage of test cases actioned on the project * {**endDate**} - test window start date for the project * {**projectDuration**} - project duration in days i.e. difference between start & end dates * {**totalVulns**} - total vulnerabilities across all assets on the project * {**totalCriticalVulnsAllAssets**} - total critical vulnerabilities across all assets on the project * {**totalHighVulnsAllAssets**} - total high vulnerabilities across all assets on the project * {**totalMediumVulnsAllAssets**} - total medium vulnerabilities across all assets on the project * {**totalLowVulnsAllAssets**} - total low vulnerabilities across all assets on the project * {**totalInfoVulnsAllAssets**} - total informational vulnerabilities across all assets on the project * {**totalFixedVulns**} - total fixed/closed vulnerabilities across all assets on the project * {**totalRetestingVulns**} - total vulnerabilities flagged as retesting across all assets on the project * {**totalNotFixedVulns**} - total not fixed/open vulnerabilities across all assets on the project * {**#assets**} - list of all assets on the project * {**.**} - name of each asset * {**#assetsDetails**} - details for all assets (if using Assets module) * {**id**} - id for the asset on the project * {**name**} - name of the asset on the project * {**library\_id**} - id for the asset in the library * {**library\_created**} - created timestamp for asset in the library * {**library\_updated**} - updated timestamp for asset in the library * {**library\_name**} - name of the asset in the library * {**type**} - type of asset * {**external\_id**} - external id for the asset * {**details**} - details for the asset * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#projectTeam**} - list of all project team members * {**.**} - name of each project team member * {**#retestingHistory**} - list of all rounds of retesting requested & completed on the project * {**retesting\_round**} - e.g. 1, 2, 3, etc. * {**retesting\_round\_status**} - whether the retest round was Requested or Completed * {**retesting\_custom\_round\_name**} - custom round name (optional) * {**retesting\_custom\_status\_name**} - custom status name (optional) * {**retesting\_round\_actioned\_by**} - name of person who requested or completed the round of retesting * {**created**} - date when round of retest was requested or completed * {**#vulnerabilities**} - list of all vulnerabilities requested / completed on the round of retesting * {**vulnerability**} - name of the vulnerability * {**vulnerability\_alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**#vulnerability\_details**} * {**#vulnerabilityCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within ReportGen Reports**](https://support.attackforge.com/attackforge.com/modules/reportgen#creating-custom-fields-within-reportgen-reports) * {**#vulnerabilityCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**title**} - title of the vulnerability * {**priority**} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info * {**remediation\_status**} - either Open or Closed. Only Closed if all affected assets are also Closed. * {**description**} - description of the vulnerability * {**@description\_styled**} - description of the vulnerability styled based on in-app WYSIWYG editor * {**attack\_scenario**} - attack scenario for the vulnerability * {**@attack\_scenario\_styled**} - description of the vulnerability styled based on in-app WYSIWYG editor * {**remediation\_recommendation**} - remediation recommendation for the vulnerability * {**@remediation\_recommendation\_styled**} - remediation recommendation for the vulnerability styled based on in-app WYSIWYG editor * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**testcases**} - list of all the linked test cases to the vulnerability * {**#tags**} - list of all tags * {**.**} - tag * {**#affected\_asset**} - details for the affected asset - see {#assetVulnerabilityMapping} - {asset} * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#assets\_equally\_affected\_title**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED * {**#assets\_equally\_affected**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above. * {**.**} - asset name * {**#assets\_equally\_affected\_full\_details**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above. * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#affected\_assets**} - list of all affected assets for this vulnerability * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * **{#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#assets\_equally\_affected\_title**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED * {**#assets\_equally\_affected**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above. * {**.**} - asset name * {**#assets\_equally\_affected\_full\_details**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above. * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#evidence**} - list of all evidence files uploaded to the vulnerabilities for each affected asset. De-duplication is performed to remove images which have already been displayed in the in-line screenshots * {**%fileBase64**} - display image (if evidence type is of image format) * {**fileName**} - name of the file uploaded * {**caption**} - caption for the file (optional) * {**#vulnerabilitiesNotTested**} - list of all vulnerabilities not retested on the round of retesting * {**vulnerability**} - name of the vulnerability * {**vulnerability\_alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * **{#vulnerability\_details}** * {**#vulnerabilityCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within ReportGen Reports**](https://support.attackforge.com/attackforge.com/modules/reportgen#creating-custom-fields-within-reportgen-reports) * {**#vulnerabilityCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**title**} - title of the vulnerability * {**priority**} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info * {**remediation\_status**} - either Open or Closed. Only Closed if all affected assets are also Closed. * {**description**} - description of the vulnerability * {**@description\_styled**} - description of the vulnerability styled based on in-app WYSIWYG editor * {**attack\_scenario**} - attack scenario for the vulnerability * {**@attack\_scenario\_styled**} - description of the vulnerability styled based on in-app WYSIWYG editor * {**remediation\_recommendation**} - remediation recommendation for the vulnerability * {**@remediation\_recommendation\_styled**} - remediation recommendation for the vulnerability styled based on in-app WYSIWYG editor * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**testcases**} - list of all the linked test cases to the vulnerability * {**#tags**} - list of all tags * {**.**} - tag * {**#affected\_asset**} - details for the affected asset - see {#assetVulnerabilityMapping} - {asset} * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#assets\_equally\_affected\_title**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED * {**#assets\_equally\_affected**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above. * {**.**} - asset name * {**#assets\_equally\_affected\_full\_details**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above. * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#affected\_assets**} - list of all affected assets for this vulnerability * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#assets\_equally\_affected\_title**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED * {**#assets\_equally\_affected**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above. * {**.**} - asset name * {**#assets\_equally\_affected\_full\_details**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above. * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#evidence**} - list of all evidence files uploaded to the vulnerabilities for each affected asset. De-duplication is performed to remove images which have already been displayed in the in-line screenshots * {**%fileBase64**} - display image (if evidence type is of image format) * {**fileName**} - name of the file uploaded * {**caption**} - caption for the file (optional) * {**#projectNotes**} - list of all exportable project notes * {**modified**} - contains date when note was last created or last updated * {**note**} - contains note * {**notes\_raw**} - details for note in RAW HTML format (verbatim) * {**@notes\_styled**} - note styled based on in-app WYSIWYG editor with inline images * {**#criticalVulns**} - list of all critical vulnerabilities & statistics for affected assets. You can also use {**#highVulns**}; {**#mediumVulns**}; {**#lowVulns**}; and {**#infoVulns**} to access details for vulnerabilities in each of the priority categories. * {**retest\_status**} - contains status whether vulnerability is Fixed or Not Fixed. A vulnerability is only considered Fixed if ALL affected assets are also fixed/closed. * {**title**} - title of the vulnerability * {**total\_affected\_assets**} - total number of affected assets * {**total\_affected\_assets\_fixed**} - total number of affected assets which are fixed / closed * {**total\_affected\_assets\_retesting**} - total number of affected assets which are flagged for retesting * {**total\_affected\_assets\_not\_fixed**} - total number of affected assets which not fixed / open * {**#attackchains**} - list of all attack chains on the project * {**title**} - attack objective * {**#links**} - contains details for all links in the chain * {**%icon**} - icon displayed for the link in the chain * {**type**} - type of link e.g. Action, Vulnerability, Flag etc. * {**description**} - details for the link in the chain * {**discovered**} - details for when the vulnerability was discovered and by whom * {**#vulnerabilities**} - list of all the vulnerabilities on the project. You can also use {**#criticalVulnerabilities**}; {**#highVulnerabilities**}; {**#mediumVulnerabilities**}; {**#lowVulnerabilities**}; and {**#infoVulnerabilities**} to access details for vulnerabilities in each of the priority categories. * {**#vulnerabilityCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#vulnerabilityCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**title**} - title of the vulnerability * {**priority**} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info * {**remediation\_status**} - either Open or Closed. Only Closed if all affected assets are also Closed. * {**description**} - description of the vulnerability * {**@description\_styled**} - description of the vulnerability styled based on in-app WYSIWYG editor * {**attack\_scenario**} - attack scenario for the vulnerability * {**@attack\_scenario\_styled**} - description of the vulnerability styled based on in-app WYSIWYG editor * {**remediation\_recommendation**} - remediation recommendation for the vulnerability * {**@remediation\_recommendation\_styled**} - remediation recommendation for the vulnerability styled based on in-app WYSIWYG editor * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**testcases**} - list of all the test cases linked to the vulnerability * {**#tags**} - list of all tags * {**.**} - tag * {**#affected\_assets**} - list of all affected assets for this vulnerability * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**asset\_library\_created**} - timestamp when asset was added to Assets module library. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_library\_id**} - Assets module library id. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_external\_id**} - user-defined external id for the asset. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_type**} - asset type e.g. Web App, API, Network, etc. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_details**} - asset details. NOTE: requires tenant configuration with Assets module enabled. * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#assets\_equally\_affected\_title**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED * {**#assets\_equally\_affected**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above. * {**.**} - asset name * {**#assets\_equally\_affected\_full\_details**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above. * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**asset\_library\_created**} - timestamp when asset was added to Assets module library. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_library\_id**} - Assets module library id. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_external\_id**} - user-defined external id for the asset. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_type**} - asset type e.g. Web App, API, Network, etc. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_details**} - asset details. NOTE: requires tenant configuration with Assets module enabled. * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#evidence**} - list of all evidence files uploaded to the vulnerabilities for each affected asset. De-duplication is performed to remove images which have already been displayed in the in-line screenshots * {**%fileBase64**} - display image (if evidence type is of image format) * {**fileName**} - name of the file uploaded * {**caption**} - caption for the file (optional) * {**#completedTestcases**} - list of all completed test cases on the project. You can also access {**#inProgressTestcases**}; {**#notTestedTestcases**}; {**#notApplicableTestcases**}; {**#passedTestcases**}; {**#failedTestcases**}; {**#remediatedTestcases**} and {**#abuseCases**} to get details on test cases and their linked vulnerabilities. * {**is\_failed**} - default is *No*. If at least one vulnerability is linked to the test case, value will be *Yes*. * {**is\_remediated**} - default is *Not Applicable*. If at least one vulnerability is linked to the test case and is Open, value will be *No*. If all vulnerabilities linked to the test case are Closed, value will be *Yes*. * {**remediation\_status**} - default is *Passed*. If at least one vulnerability is linked to the test case and is Open, value will be *Failed*. If all vulnerabilities linked to the test case are Closed, value will be *Remediated*. * {**tags**} - list of all tags presented as a string * {**title**} - test case details * {**modified**} - date stamp when test case was created or last modified * {**modifiedBy**} - user that created or last last modified the test case * {**testcase\_code**} - code assigned to the test case. * {**testsuite\_name**} - name of the associated test suite. * {**testsuite\_code**} - code of the associated test suite. * {**#notes**} - list of all notes assigned to the test case * {**modified**} - date stamp when notes was created or last modified * {**modifiedBy**} - user that created or last modified the note * {**note**} - note details * {**#evidence**} - list of all evidence uploaded to the test case * {**fileName**} - name of the file for the evidence uploaded * {**%fileBase64**} - display image (if evidence type is of image format) * {**caption**} - text caption for the image * {**#linked\_vulnerabilities**} * {**#vulnerabilityCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#vulnerabilityCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**title**} - title of the vulnerability * {**priority**} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info * {**remediation\_status**} - either Open or Closed. Only Closed if all affected assets are also Closed. * {**description**} - description of the vulnerability * {**@description\_styled**} - description of the vulnerability styled based on in-app WYSIWYG editor * {**attack\_scenario**} - attack scenario for the vulnerability * {**@attack\_scenario\_styled**} - description of the vulnerability styled based on in-app WYSIWYG editor * {**remediation\_recommendation**} - remediation recommendation for the vulnerability * {**@remediation\_recommendation\_styled**} - remediation recommendation for the vulnerability styled based on in-app WYSIWYG editor * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**testcases**} - list of all the linked test cases to the vulnerability * {**#tags**} - list of all tags * {**.**} - tag * {**#affected\_assets**} - list of all affected assets for this vulnerability * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**asset\_library\_created**} - timestamp when asset was added to Assets module library. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_library\_id**} - Assets module library id. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_external\_id**} - user-defined external id for the asset. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_type**} - asset type e.g. Web App, API, Network, etc. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_details**} - asset details. NOTE: requires tenant configuration with Assets module enabled. * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#assets\_equally\_affected\_title**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED * {**#assets\_equally\_affected**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above. * {**.**} - asset name * {**#assets\_equally\_affected\_full\_details**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above. * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**asset\_library\_created**} - timestamp when asset was added to Assets module library. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_library\_id**} - Assets module library id. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_external\_id**} - user-defined external id for the asset. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_type**} - asset type e.g. Web App, API, Network, etc. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_details**} - asset details. NOTE: requires tenant configuration with Assets module enabled. * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#evidence**} - list of all evidence files uploaded to the vulnerabilities for each affected asset. De-duplication is performed to remove images which have already been displayed in the in-line screenshots * {**%fileBase64**} - display image (if evidence type is of image format) * {**fileName**} - name of the file uploaded * {**caption**} - caption for the file (optional) * {**#vulnerabilityAssetMapping**} - list of all vulnerabilities mapped to their affected assets * {**priority**} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info * {**vulnerability**} - vulnerability title * {**#assets**} - list of all affected assets * {**status**} - remediation status e.g. Fixed / Not Fixed * {**asset**} - asset name * {**#assetVulnerabilityMapping**} - list of all assets on the project mapped to their vulnerabilities * {**asset**} - asset name * {#**vulnerabilities**} - list of all vulnerabilities the asset is affected by * {**vulnerability**} - vulnerability title * {**priority**} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info * {**status**} - remediation status e.g. Fixed / Not Fixed * **{#vulnerabilityDetails}** * {**#vulnerabilityCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within ReportGen Reports**](https://support.attackforge.com/attackforge.com/modules/reportgen#creating-custom-fields-within-reportgen-reports) * {**#vulnerabilityCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**title**} - title of the vulnerability * {**priority**} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info * {**remediation\_status**} - either Open or Closed. Only Closed if all affected assets are also Closed. * {**description**} - description of the vulnerability * {**@description\_styled**} - description of the vulnerability styled based on in-app WYSIWYG editor * {**attack\_scenario**} - attack scenario for the vulnerability * {**@attack\_scenario\_styled**} - description of the vulnerability styled based on in-app WYSIWYG editor * {**remediation\_recommendation**} - remediation recommendation for the vulnerability * {**@remediation\_recommendation\_styled**} - remediation recommendation for the vulnerability styled based on in-app WYSIWYG editor * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**testcases**} - list of all the linked test cases to the vulnerability * {**#tags**} - list of all tags * {**.**} - tag * {**#affected\_asset**} - details for the affected asset - see {#assetVulnerabilityMapping} - {asset} * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#assets\_equally\_affected\_title**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED * {**#assets\_equally\_affected**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above. * {**.**} - asset name * {**#assets\_equally\_affected\_full\_details**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above. * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**asset\_library\_created**} - timestamp when asset was added to Assets module library. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_library\_id**} - Assets module library id. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_external\_id**} - user-defined external id for the asset. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_type**} - asset type e.g. Web App, API, Network, etc. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_details**} - asset details. NOTE: requires tenant configuration with Assets module enabled. * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#affected\_assets**} - list of all affected assets for this vulnerability * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project setting * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#assets\_equally\_affected\_title**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED * {**#assets\_equally\_affected**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above. * {**.**} - asset name * {**#assets\_equally\_affected\_full\_details**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to access the full asset details of all the assets which have the same POC & Notes as the vulnerability above. * {**#assetCustomTags**} - you can define & use custom tags in ReportGen. For more details check out [**Creating Custom Tags within Individual Reports**](https://support.attackforge.com/attackforge-enterprise/modules/reporting#creating-custom-fields-within-individual-reports) * {**#assetCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**#assetLibraryCustomFields**} - you can define & use custom fields in AttackForge. For more details check out [**Creating Custom Fields & Forms**](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) * {**sla**} - SLA for the vulnerability, in date format. Requires SLAs to be enabled in tenant configuration options. * {**release\_date**} - Release date for when the vulnerability was published/available to project team, in date format. Requires SLAs to be enabled in tenant configuration options. * {**target\_remediation\_date**} - Remediation plan for the vulnerability, in date format. Requires Remediation Plan to be enabled in tenant configuration options. * {**alternate\_id**} - user-friendly id associated with the vulnerability, set via project settings * {**asset**} - asset name * {**#assets**} - details for grouped assets on the vulnerability * {**name**} - asset name * {**actioned**} - whether asset has been actioned or not * {**#components**} - affected components on the asset * {**name**} - component name * {**#notes**} - notes on the component * {**.**} - note * {**#tags**} - tags on the component * {**.**} - tag * {**#notes**} - notes on the asset * {**.**} - note * {**#tags**} - tags on the asset * {**.**} - tag * {**asset\_library\_created**} - timestamp when asset was added to Assets module library. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_library\_id**} - Assets module library id. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_external\_id**} - user-defined external id for the asset. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_type**} - asset type e.g. Web App, API, Network, etc. NOTE: requires tenant configuration with Assets module enabled. * {**asset\_details**} - asset details. NOTE: requires tenant configuration with Assets module enabled. * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open / Ready for Retest on \ / Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**caption**} - text caption for the image * {**@proof\_of\_concept\_styled**} - proof of concept styled based on in-app WYSIWYG editor with inline images * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0 * {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#evidence**} - list of all evidence files uploaded to the vulnerabilities for each affected asset. De-duplication is performed to remove images which have already been displayed in the in-line screenshots * {**%fileBase64**} - display image (if evidence type is of image format) * {**fileName**} - name of the file uploaded * {**caption**} - caption for the file (optional) ## **Tags for Combined Reports** **!IMPORTANT:** To test your combined reports, simply select multiple JSON files on the *'Select Your JSON File'* step when using the ReportGen browser tool. * {**@pageBreak**} - adds a page break. * {**#projectName**} - list of all projects combined in the report * {**.**} - name of the project * {**#projectCode**} - list of all project codes for all projects combined in the report * {**.**} - project code * {**timestamp**} - timestamp for when this report was created * {**totalUniqueVulnerabilities**} - total unique vulnerabilities across all projects * {**totalCriticalVulns**} - total unique critical vulnerabilities across all projects * {**totalHighVulns**} - total unique high vulnerabilities across all projects * {**totalMediumVulns**} - total unique medium vulnerabilities across all projects * {**totalLowVulns**} - total unique low vulnerabilities across all projects * {**totalInfoVulns**} - total unique informational vulnerabilities across all projects * {**totalZeroDayVulns**} - total unique zero-day vulnerabilities across all projects * {**totalEasilyExploitableVulns**} - total unique easily exploitable vulnerabilities across all projects * {**#execSummaryNotes**} - list of all executive summary's across all projects * {**project**} - name of the project * {**notes**} - executive summary notes on the project * {**#testWindow**} - list of all test windows and progress across all projects * {**project**} - name of the project * {**startDate**} - test window start date for the project * {**progress**} - percentage of test cases actioned on the project * {**endDate**} - test window start date for the project * {**totalVulns**} - total vulnerabilities across all assets across all projects * {**totalCriticalVulnsAllAssets**} - total critical vulnerabilities across all assets across all projects * {**totalHighVulnsAllAssets**} - total high vulnerabilities across all assets across all projects * {**totalMediumVulnsAllAssets**} - total medium vulnerabilities across all assets across all projects * {**totalLowVulnsAllAssets**} - total low vulnerabilities across all assets across all projects * {**totalInfoVulnsAllAssets**} - total informational vulnerabilities across all assets across all projects * {**#assets**} - list of all assets on the project * {**name**} - name of each asset * {**project**} - name of the project * {**#projectTeam**} - list of all project team members * {**name**} - name of each project team member * {**project**} - name of the project * {**#retestingHistory**} - list of all rounds of retesting requested & completed on the project * {**retesting\_round\_status**} - whether the retest round was Requested or Completed * {**retesting\_round\_actioned\_by**} - name of person who requested or completed the round of retesting * {**created**} - date when round of retest was requested or completed * {**project**} - name of the project * {**#vulnerabilities**} - list of all vulnerabilities requested / completed on the round of retesting * {**vulnerability**} - contains name of the vulnerability * {**#projectNotes**} - list of all exportable project notes * {**project**} - name of the project * {**modified**} - contains date when note was last created or last updated * {**note**} - contains note * {**#criticalVulns**} - list of all critical vulnerabilities & statistics for affected assets across all projects * {**title**} - title of the vulnerability * {**total\_affected\_assets**} - total number of affected assets * {**#highVulns**} - list of all high vulnerabilities & statistics for affected assets across all projects * {**title**} - title of the vulnerability * {**total\_affected\_assets**} - total number of affected assets * {**#mediumVulns**} - list of all medium vulnerabilities & statistics for affected assets across all projects * {**title**} - title of the vulnerability * {**total\_affected\_assets**} - total number of affected assets * {**#lowVulns**} - list of all low vulnerabilities & statistics for affected assets across all projects * {**title**} - title of the vulnerability * {**total\_affected\_assets**} - total number of affected assets * {**#infoVulns**} - list of all critical vulnerabilities & statistics for affected assets across all projects * {**title**} - title of the vulnerability * {**total\_affected\_assets**} - total number of affected assets * {**#attackchains**} - list of all attack chains across all projects * {**title**} - attack objective * {**#links**} - contains details for all links in the chain * {**%icon**} - icon displayed for the link in the chain * {**type**} - type of link e.g. Action, Vulnerability, Flag etc. * {**description**} - details for the link in the chain * {**discovered**} - details for when the vulnerability was discovered and by whom * {**#vulnerabilities**} - list of all the vulnerabilities across all projects * {**title**} - title of the vulnerability * {**priority**} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info * {**remediation\_status**} - either Open or Closed. Only Closed if all affected assets are also Closed. * {**description**} - description of the vulnerability * {**@description\_styled**} - description of the vulnerability styled based on in-app WYSIWYG editor * {**attack\_scenario**} - attack scenario for the vulnerability * {**@attack\_scenario\_styled**} - description of the vulnerability styled based on in-app WYSIWYG editor * {**remediation\_recommendation**} - remediation recommendation for the vulnerability * {**@remediation\_recommendation\_styled**} - remediation recommendation for the vulnerability styled based on in-app WYSIWYG editor * {**cvssv3\_vector**} - includes the CVSS v3.1 vector string e.g. /AV/... * {**cvssv3\_base\_score**} - includes the CVSS v3.1 base score e.g. 10.0\ {**cvssv3\_temporal\_score**} - includes the CVSS v3.1 temporal score e.g. 10.0 * {**cvssv3\_environmental\_score**} - includes the CVSS v3.1 environmental score e.g. 10.0 * {**#tags**} - list of all tags * {**.**} - tag * {**#affected\_assets**} - list of all affected assets for this vulnerability * {**asset**} - asset name * {**remediation\_status**} - includes the remediation status of the vulnerability for the affected asset e.g. *Open* or *Closed on \* * {**#remediation\_notes**} - list of all remediation notes for this affected asset * {**created**} - date stamp when remediation note was created * {**note**} - remediation note details * {**#notes**} - list of all notes for this affected asset * {**note**} - note details * {**%inlineScreenshot**} - display inline images where they are included in the note * {**#proof\_of\_concept**} - details for proof of concept / steps to reproduce * {**text**} - proof of concept / steps to reproduce * {**%inlineScreenshot**} - display inline images where they are included in the note * {**#proof\_of\_concept\_raw**} - details for proof of concept / steps to reproduce in RAW HTML format (verbatim). * {**#assets\_equally\_affected\_title**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the heading for this section e.g. LIST OF ASSETS EQUALLY AFFECTED * {**#assets\_equally\_affected**} - in order to cut-down report size, de-duplication is performed for each asset where #notes and #proof\_of\_concept are the same. This tag is used to display the names of all the assets which have the same POC & Notes as the vulnerability above. * {**.**} - asset name * {**#evidence**} - list of all evidence files uploaded to the vulnerabilities for each affected asset. De-duplication is performed to remove images which have already been displayed in the in-line screenshots * {**%fileBase64**} - display image (if evidence type is of image format) * {**fileName**} - name of the file uploaded * {**#vulnerabilityAssetMapping**} - list of all vulnerabilities mapped to their affected assets * {**priority**} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info * {**vulnerability**} - vulnerability title * {**#assets**} - list of all affected assets * {**status**} - remediation status e.g. Fixed / Not Fixed * {**asset**} - asset name * {**#assetVulnerabilityMapping**} - list of all assets across all projects mapped to their vulnerabilities * {**asset**} - asset name * {#**vulnerabilities**} - list of all vulnerabilities the asset is affected by * {**vulnerability**} - vulnerability title * {**priority**} - priority of the vulnerability e.g. Critical, High, Medium, Low, Info * {**status**} - remediation status e.g. Fixed / Not Fixed