Finding Library

Last updated: 2026-03-29

What Is the Finding Library?

The Finding Library is a collection of reusable finding templates — pre-written entries for commonly recurring vulnerabilities that you can push directly into any scan. Instead of writing the same finding description from scratch each engagement, you build it once and add it wherever needed.

Navigate to Finding Library from the left sidebar.


Library Finding Contents

Each library entry contains:

  • Severity — Critical, High, Medium, Low, or Informational
  • Category — for organizing similar finding types
  • Title — the finding name
  • Description — the vulnerability write-up
  • Recommendation — remediation guidance
  • References — CVE IDs, advisories, or other references

Adding a Library Finding to a Scan

  1. Find the entry you want to use in the library list.
  2. Click Add to Scan on that entry.
  3. In the modal, select:
    • Client (dropdown)
    • Engagement (dropdown — populated based on selected client)
    • Scan (dropdown — populated based on selected engagement)
  4. Click Add.

The finding is created in the selected scan and is immediately available in the Findings and Triage views. It appears with a CUSTOM badge to distinguish it from scanner-imported findings.

You can edit the added finding’s consultant fields (title, description, solution, severity) in the normal Finding Detail view after adding it.


Creating Library Entries

To add a new entry to your library, use the create option on the Finding Library page. Fill in the severity, category, title, description, recommendation, and any references, then save.

Build up your library over time with your organization’s standard write-ups — this is especially valuable for findings like default credentials, missing patches, or weak TLS configurations that appear across nearly every engagement.


Exporting the Library

The Finding Library supports bulk CSV export of all entries. Use the export option to back up your library or import it into other tooling.

The CSV export uses the same validated export path mechanism as the CSV Export feature, writing to a location you specify.
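
A quality check you can run over an exported library before reusing it elsewhere, as an added example that is not part of the product: it flags unknown severities, empty write-up fields, malformed CVE IDs in References, and duplicate titles. The page does not specify the CSV layout, so the column headers below are assumptions named after the documented fields, and the sample rows are constructed.

```python
import csv
import io
import re

# Severity values listed under "Library Finding Contents".
SEVERITIES = {"Critical", "High", "Medium", "Low", "Informational"}
# Assumed column headers (not documented on the page); adjust to the real export.
FIELDS = ["Severity", "Category", "Title", "Description", "Recommendation", "References"]
CVE_STRICT = re.compile(r"CVE-\d{4}-\d{4,}")  # canonical CVE ID syntax
CVE_LOOSE = re.compile(r"CVE[-\s_]?\d+(?:[-\s_]?\d+)?", re.IGNORECASE)  # anything CVE-like

def lint_library(csv_text):
    """Return (row_number, title, problem) tuples for an exported library CSV."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [f for f in FIELDS if f not in (reader.fieldnames or [])]
    if missing:
        return [(1, "", "missing columns: " + ", ".join(missing))]
    problems, seen = [], {}
    for row_no, row in enumerate(reader, start=2):  # row 1 is the header
        cell = {f: (row.get(f) or "").strip() for f in FIELDS}
        title = cell["Title"]
        if cell["Severity"] not in SEVERITIES:
            problems.append((row_no, title, "unknown severity %r" % cell["Severity"]))
        for field in ("Title", "Description", "Recommendation"):
            if not cell[field]:
                problems.append((row_no, title, "empty " + field))
        # A CVE-like token that is not in canonical form will not resolve downstream.
        for token in CVE_LOOSE.findall(cell["References"]):
            if not CVE_STRICT.fullmatch(token):
                problems.append((row_no, title, "malformed CVE ID %r" % token))
        key = title.casefold()  # case-insensitive duplicate detection
        if key in seen:
            problems.append((row_no, title, "duplicate title of row %d" % seen[key]))
        elif key:
            seen[key] = row_no
    return problems

# Constructed sample export, not real product output.
SAMPLE = """Severity,Category,Title,Description,Recommendation,References
High,Authentication,Default Credentials,Device accepts vendor default login.,Change default passwords.,
Medium,Cryptography,Weak TLS Configuration,Server offers TLS 1.0.,Disable legacy protocols.,CVE-2014-3566
Severe,Patching,Missing Patches,Host lacks security updates.,,CVE 2019 0708
Low,Authentication,default credentials,Duplicate write-up.,Rotate credentials.,
"""

if __name__ == "__main__":
    for row_no, title, problem in lint_library(SAMPLE):
        print("row %d (%s): %s" % (row_no, title or "untitled", problem))
```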