Docs / Vulnerabilities & Reports

Vulnerabilities & Reports

Review your findings, track remediation, and export professional reports

Viewing vulnerabilities

The Vulnerabilities page shows all findings across every scan you've run, deduplicated and organised by severity.

At the top of the page you'll see two counts:

  • Unique vulnerabilities: the number of distinct vulnerability types found
  • Total instances: the total number of occurrences across all your targets

Each vulnerability card shows:

  • Severity: Critical, High, Medium, Low, or Info
  • CVSS score: where applicable
  • Affected hosts: which of your targets are impacted
  • Remediation guidance: what you need to do to fix it
  • Remediation difficulty: an estimate of the effort involved

Searching and filtering

Use the search bar to find vulnerabilities by name or template ID.

You can also filter by compliance framework to focus on findings relevant to a specific standard:

  • OWASP Top 10 2025: shows vulnerabilities mapped to the latest OWASP categories
  • Cyber Essentials: shows findings relevant to Cyber Essentials controls

Click Clear to reset and see all vulnerabilities again.

Tracking remediation

You can update the status of each vulnerability to track your remediation progress:

  • Open: the default state for new findings
  • Acknowledged: you're aware of the issue and have it on your radar
  • Fixed: you've remediated the issue
  • False Positive: you've investigated and determined it's not a real issue

Click on a vulnerability to expand it, then use the status controls to change its state. This helps your team prioritise work and track progress over time.

Compliance

The Compliance page gives you a framework-level view of your security posture:

  • OWASP Top 10 2025: see how your findings map to each OWASP category with pass/fail/partial status per control
  • Cyber Essentials: view your status against each Cyber Essentials control

Each framework shows an overall compliance score as a percentage, with a breakdown of findings by category and severity. You can configure which frameworks are enabled from the compliance settings.

Exporting reports

Luna can generate reports in three formats:

  • PDF: a formatted report suitable for sharing with stakeholders or attaching to compliance evidence
  • CSV: tabular data you can open in Excel or import into other tools
  • JSON: structured data for integration with other systems

From the Vulnerabilities page

Click the Export button at the top of the Vulnerabilities page and select your format. This exports a security posture report covering all your current findings.

From a specific scan

On the Scans page, open a completed scan and use the export option to download a report for just that scan's results.

From Compliance

Each compliance framework has its own export button, generating a report focused on that framework's controls and findings.

Note: Report generation requires a Professional plan or above.

What's next?

You've now covered the fundamentals of using Luna. Here are some things to explore:

  • Set up scheduled scans to automate your regular security assessments
  • Connect integrations like Slack notifications, webhooks, or DNS provider target imports
  • Invite your team members from Settings to collaborate on remediation
  • Create API keys from Settings to integrate Luna into your CI/CD pipeline
Back to All Docs