This page contains:
The Word Report Template: dradis_welcome_template-xyz-.v0.#.docm is a custom Dradis report template. Findings are organized by CVSSv3 base score and Notes contain your project-specific details. Two charts display Issues by Risk Rating (based on CVSSv3 score) and Location (Internal vs External).
Issues are mapped to Risk Ratings based on the following CVSSv3 base score ranges:
CVSSv3 9.0 to 10.0 = Critical
CVSSv3 7.0 to 8.9 = High
CVSSv3 4.0 to 6.9 = Medium
CVSSv3 0.1 to 3.9 = Low
CVSSv3 0.0 = Informational
The Introduction subsection opens with some static text that is populated with project-specific document properties. The Report Content page in your sample project contains the values that will populate the Project Title (
dradis.project), Client (
dradis.client), and v1 (
dradis.version) placeholders throughout your report template.
The Scope subsection contains a Node content control. When you export your report, this section will contain a bullet point list of all of the affected hosts in your project.
The Conclusions and Recommendations subsection contains a Note content control that is going to export the content from the Conclusions and Recommendations Content Block on the Report Content page in your sample project.
When you open up the properties of this Note content control, you'll see that it is being filtered. This means that only Content Blocks with a Type field value of
Conclusions are going to export into this section of your report template.
The Summary of Findings section opens with a block of static text that is populated by IssueCounter content controls to give you a summary of the Issues in your project.
The Summary of Findings table displays every Issue in the project and is organized first by Risk Rating (based on the CVSSv3 score ranges), then by location (Internal / External). The Affected Hosts column will display a comma-separated list of all of the host that the specific Issue affects.
The first chart in this report is a bar chart that shows the number of Issues by Risk Rating. After you first export a report, this chart will still contain the placeholder data that you see here. Make sure to run the obnoxious-on-purpose macro button beneath the Table of Contents to update the chart with the correct data from the table below it.
The second chart in this report is a pie chart that shows the number of Issues by location. Again, make sure to run the obnoxious-on-purpose macro button beneath the Table of Contents so that this chart is also updated with the correct data from the table below it.
The Internal and External findings are separated into two sections.
Each starts with a summary table that shows just the Issues in that location, organized by Risk Rating.
Below, the detailed findings are exported in the same order they appear in the summary table. The full details for each Issue will export here including the Description, Solution, and the Location and Output for each instance of Evidence associated with the Issue.
If you open the properties of the Issue content control, you can see that the Issues in this project are being filtered by both CVSSv3.BaseScore and Type. In this case, only the Issues with a CVSSv3.BaseScore field value of from 9.0 to 10.0 as well as a Type field value of Internal will populate this specific Issue content control.
Your sample project contains the OWASPv4 Testing Methodology.
The table in your report template will contain the Methodology name, plus the name, Details, and Results fields from each of the tasks in the Done list (tasks in the Pending list will not export into your report template.
Check out a preview of what you're about to create (complete with YOUR branding):
Next help article: Document properties →