
Tool and Usage

Vulnreport is a tool to automate and manage all the data involved in security reviews. In particular, it focuses on discovered vulnerabilities.


Why this tool?

Vulnreport is a platform to deal with penetration test results. The tool formats them and provides actionable findings reports. The platform's strength is its focus on automation, which reduces the time spent by engineers.

Background information

Vulnreport was built by the Product Security team at Salesforce. They wanted to reduce the time required to write, format, and proofread penetration test reports.

Usage and audience

Vulnreport is commonly used for security reviews, vulnerability management, or vulnerability scanning. Target users for this tool are auditors, pentesters, security professionals, and system administrators.


  • Vulnreport is written in Ruby
  • Customization and additions are possible
  • Tool allows multiple integrations

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + The source code of this software is available

History and highlights

  • Presentation at Black Hat USA 2016

Author and Maintainers

Vulnreport is under development by Tim Bach and maintained by Salesforce.


Supported operating systems

Vulnreport is known to work on Linux.


Several dependencies are required to use Vulnreport.

  • Bundler
  • PostgreSQL
  • Redis
  • rollbar
  • Ruby

Vulnreport alternatives

Similar tools to Vulnreport:



Faraday is a collaboration tool for pentest assignments and vulnerability management. It allows integration with a number of other security tools.



Web Application Security Scanner aimed towards helping users evaluate the security of web applications



Utility like pkg-audit for Arch Linux to find vulnerable packages on the system

Project details
Latest release: 3.0.3 [2016-10-14]
License: BSD 3-clause



Vulnreport GitHub project
Twitter: @SecureCloudDev
Vulnreport project website
