Skip to main content

Report Generation

Simple Vulnerability Manager enables you to generate professional, comprehensive security assessment reports in Microsoft Word format. The report generation system uses customizable templates and supports multiple report types with advanced formatting options.

Overview

SVM’s reporting engine transforms your project data into polished Word documents:
  • Template-Based: Uses customizable Word templates (.dotx format)
  • Multiple Report Types: Technical, Executive, and Generic reports
  • Automated Formatting: Applies styles, tables, and formatting automatically
  • Variable Substitution: Dynamic content based on project data
  • Statistical Graphics: Optional charts and graphs showing vulnerability distribution
  • Risk-Based Styling: Different table styles for each risk level
Report generation requires Microsoft Word to be installed on your system. Since version 2.0.2, SVM provides better error handling when Office is not available.

Report Template

Template_SVM.dotx

The default Word template (Template_SVM.dotx) serves as the foundation for all generated reports. This template includes:
  • Pre-defined heading styles
  • Table formatting styles
  • Document structure and layout
  • Header and footer configurations
  • Custom variables for dynamic content
Starting from version 2.0.3, SVM uses a new template title style called “Titulo_SVM” for better compatibility with both English and Spanish versions of Microsoft Word.

Customizing the Template

1

Open Template for Editing

Navigate to Configuration > Reports and double-click the template file.
Since version 2.0.0, double-clicking the template opens the actual template file for editing, not a new document based on the template.
2

Modify Styles and Formatting

Customize the template to match your organization’s branding:
  • Heading Styles: Configure Title, Heading 1, Heading 2, etc.
  • Table Styles: Create custom table formats for vulnerability listings
  • Colors and Fonts: Match your corporate identity
  • Logo and Headers: Add company branding elements
  • Page Layout: Margins, orientation, and page size
3

Configure Style Extraction

SVM automatically extracts styles from your template:
  • Opens and reads the template file
  • Extracts all heading style formats (Titulo_SVM, Heading 1, Heading 2, etc.)
  • Extracts all table style formats
  • Displays available styles in configuration interface
Style extraction was introduced in version 2.0.0, allowing you to see exactly which styles are available in your template.
4

Save Template

Save your customized template as a .dotx file and configure SVM to use it in the Reports settings.

Template Variables

The template supports dynamic variables that are replaced with actual project data during report generation:
Common template variables include:
  • [Proyecto] - Project name (can be used in vulnerability details since version 1.1.789)
  • [Cliente] - Client name
  • [Fecha] - Assessment date
  • [Subtitulo] - Subtitle (replacement fixed in version 2.0.2)
  • [Web] - Web addresses from project
  • [IP] - IP addresses from project
  • [Analista] - Analyst name
  • [Empresa] - Company name
Variables are case-sensitive and must be enclosed in square brackets.
Place variables anywhere in your template:
Security Assessment Report

Project: [Proyecto]
Client: [Cliente]
Date: [Fecha]

This security assessment was performed on the following assets:
Web Applications: [Web]
IP Addresses: [IP]
During report generation, these variables will be replaced with actual data from your project.

Report Types

SVM supports three types of security assessment reports:
Informe Técnico (Technical Report)Comprehensive technical documentation for IT and security teams:
  • Detailed vulnerability descriptions
  • Technical exploitation details
  • Full request/response data
  • Step-by-step remediation instructions
  • Evidence screenshots with technical annotations
  • CVSS scores and technical metrics
  • Proof-of-concept demonstrations
Best for: Security engineers, system administrators, developers
Since version 1.1.791, the report filename includes the report type (“Informe Técnico”, “Informe Ejecutivo”, or “Informe Genérico”) for easier identification.

Configuring Report Settings

Risk-Based Table Formatting

One of SVM’s most powerful features is the ability to apply different table styles based on vulnerability risk level:
1

Access Report Configuration

Navigate to Configuration > Reports (Opciones/Configuración)
2

Select Template

Choose your Word template (.dotx file). SVM will automatically extract available styles.
3

Assign Risk Colors

Configure custom colors for each risk level:
  • Critical (default: Dark Red)
  • High (default: Red)
  • Medium (default: Orange)
  • Low (default: Yellow)
  • Informational (default: Blue)
Since version 2.0.0, you can select custom RGB colors for each risk level using a standard Windows color picker. Color indicators display your selected colors in the configuration interface.
4

Assign Table Styles

Map Word table styles to risk levels:
  • Each risk level can have a different table style
  • Styles are extracted from your Word template
  • Allows visual differentiation in reports
  • Creates professional, color-coded vulnerability tables
Table style assignment per risk level was introduced in version 2.0.0, enabling sophisticated report formatting.
5

Configure Heading Styles

Select which heading styles to use for different report sections from the styles available in your template.
6

Save Configuration

Save your report settings. Use Ctrl+S shortcut (added in version 1.1.788) for quick saves.

Statistical Graphics

Configure statistical graphics to visualize vulnerability distribution:
  • Vulnerability Count by Risk: Bar or pie charts showing risk distribution
  • Vulnerability Types: Charts categorizing by vulnerability class
  • Custom Colors: Graphics use your configured risk level colors
  • Color Indicators: Preview your selected colors in configuration
Color indicators for statistical graphics were added in version 2.0.0 to preview how charts will appear in reports.

Generating Reports

Report Generation Workflow

1

Complete Project Assessment

Ensure your project includes:
  • All detected vulnerabilities
  • Evidence screenshots for each finding
  • Personalized comments and context
  • Request/response data where applicable
  • Project metadata (client, dates, scope)
2

Select Report Type

Choose the appropriate report type based on your audience:
  • Technical for security teams
  • Executive for management
  • Generic for mixed audiences
3

Configure Report Options

Set report-specific options:
  • Include/exclude statistical graphics
  • Select which vulnerability categories to include
  • Configure evidence placement
  • Choose detail level
4

Generate Report

Click Generate Report to create the Word document.
For very large reports (>200 pages), report generation may take some time. A fix in version 1.1.792 addresses timeout issues with large reports.
5

Review and Customize

The generated Word document can be further customized:
  • Manual edits to content
  • Additional formatting adjustments
  • Adding custom sections
  • Final quality review

Report Structure

Generated reports follow this typical structure:
  1. Cover Page: Project name, client, date
  2. Executive Summary: High-level findings and recommendations
  3. Scope and Methodology: Assessment details and approach
  4. Statistical Overview: Charts and graphs (if enabled)
  5. Vulnerability Findings: Detailed vulnerability listings by risk level
    • Description
    • Impact assessment
    • Evidence (screenshots, request/response)
    • Remediation steps
    • Custom comments
  6. Conclusion and Recommendations: Summary and prioritized actions
  7. Appendices: Supporting documentation
Since version 2.0.0, vulnerability evidence is placed below the vulnerability description instead of above, providing better report flow.

Advanced Features

Evidence Placement

Evidence is automatically formatted in reports:
  • Screenshots are inserted as images
  • Maintains aspect ratio and reasonable sizing
  • Caption with evidence description
  • Request/response data in formatted code blocks
  • Custom comments integrated into vulnerability description
Evidence placement was improved in version 2.0.0, moving it below vulnerability descriptions for better readability.

Multi-language Reports

Generate reports in multiple languages:
  • Spanish: Original language, full support
  • English: Complete translation of report elements
  • Russian: Added in version 2.1.0
Template variables and vulnerability descriptions are rendered in the selected language.
Full Unicode support (version 2.1.0) ensures proper rendering of all characters in multi-language reports.

Temporary File Handling

When Word generates temporary files during report creation, SVM properly manages these files. A fix in version 2.1.0 resolved cases where the application could hang when Word created temporary files.

Troubleshooting

Problem: Error when generating reportsSolution: SVM requires Microsoft Word to be installed. Since version 2.0.2, the application provides clear error messages when Office is not available. Install Microsoft Office or ensure Word is properly installed.
Problem: Variables like [Subtitulo] appear in the report instead of actual valuesSolution: Ensure variable names are spelled correctly and use the exact case. The [Subtitulo] replacement bug was fixed in version 2.0.2.
Problem: Report generation fails with filename errorSolution: Project names cannot contain invalid filename characters (<, >, :, ", /, \, |, ?, *). This validation was added in version 2.1.2. Rename your project to use only valid characters.
Problem: Application freezes or shows “other application is busy” message for large reportsSolution: For reports larger than 200 pages, generation may take several minutes. A fix in version 1.1.792 improved handling of large reports. Ensure Word is not blocked and wait for completion.
Problem: Risk-based table styles don’t appear in generated reportsSolution:
  • Ensure your Word template contains the table styles you’ve configured
  • Re-extract styles by opening the template in Configuration
  • Verify table style assignments match available styles in template
  • Check template compatibility (Titulo_SVM style should be present for version 2.0.3+)
Problem: Cannot export vulnerability data to ExcelSolution: Excel export requires Microsoft Excel to be installed. The application was updated in version 2.0.2 to better handle cases where Excel is not available. Ensure Microsoft Excel is properly installed.

Report Quality Best Practices

To create high-quality security assessment reports:
  1. Complete Evidence: Include comprehensive screenshots and proof for each finding
  2. Clear Comments: Write clear, project-specific comments explaining impact
  3. Consistent Naming: Use consistent vulnerability names across projects
  4. Risk Accuracy: Assign appropriate risk levels based on actual impact
  5. Context Matters: Explain why each vulnerability matters to this specific client
  6. Remediation Focus: Provide actionable, specific remediation steps
  7. Professional Formatting: Use your customized template consistently
  8. Quality Review: Always review generated reports before delivery
Keep your report templates effective:
  • Regularly update branding and styling
  • Test template with sample data before using in production
  • Maintain backup copies of working templates
  • Document custom variables and their usage
  • Ensure compatibility with Word versions used by clients
  • Use Titulo_SVM style for maximum compatibility

Export and Sharing

Report Formats

Generated reports are created as Word documents (.docx format):
  • Can be converted to PDF for distribution
  • Editable for final customization
  • Compatible with Microsoft Word 2007 and later
  • Can be shared via email or document management systems

Backup and Archiving

SVM supports database backup functionality for archiving projects and reports. On Windows, Linux, and MacOS (via Wine), you can create backups of your local database containing all projects, vulnerabilities, and evidence.