Variables
This page lists all variables available in templates. These variables are populated from your report data when rendering or exporting.
report
General report metadata.
| Variable | Type | Description |
|---|---|---|
report.title | string | Report title |
report.status | string | draft, waiting-for-review, under-review, completed |
report.language | string | Language code (e.g. EN, FR) |
report.version | string | Report version (e.g. 1.0.0) |
report.executiveSummary | HTML | Executive summary content |
report.createdAt | date | Creation date |
report.updatedAt | date | Last update date |
Authors & reviewers
| Variable | Type | Description |
|---|---|---|
report.author | object | Primary author |
report.author.name | string | Full name |
report.author.email | string | |
report.author.firstName | string | First name |
report.author.lastName | string | Last name |
report.authors | array | All authors |
report.coAuthors | array | Co-authors |
report.reviewer | object | Reviewer who accepted the review |
report.reviewers | array | All reviewers |
Each entry in authors, coAuthors, and reviewers has the same fields as report.author.
Author: {{ report.author.name }}
{% if report.coAuthors.size > 0 %}
Co-authors:
{% for author in report.coAuthors %}
{{ author.name }} ({{ author.email }})
{% endfor %}
{% endif %}client
The company/client associated with the report.
| Variable | Type | Description |
|---|---|---|
client.name | string | Company name |
client.logo | string | Logo URL |
client.primaryContact | object | Main contact |
client.primaryContact.name | string | Full name |
client.primaryContact.email | string | |
client.primaryContact.phone | string | Phone |
client.primaryContact.role | string | Role / job title |
client.contacts | array | All selected contacts |
Each entry in client.contacts:
| Variable | Type | Description |
|---|---|---|
firstName | string | First name |
lastName | string | Last name |
email | string | |
phone | string | Phone |
role | string | Role / job title |
Prepared for: {{ client.name }}
{% for contact in client.contacts %}
{{ contact.firstName }} {{ contact.lastName }} — {{ contact.role }} — {{ contact.email }}
{% endfor %}TIP
The client logo can be inserted as an image element through the visual editor. Use the variable client.logo as the image source.
dates
| Variable | Type | Description |
|---|---|---|
dates.startDate | string | Assessment start date (YYYY-MM-DD) |
dates.endDate | string | Assessment end date (YYYY-MM-DD) |
dates.currentDate | string | Current date at render time (YYYY-MM-DD) |
dates.createdAt | string | Report creation date (YYYY-MM-DD) |
Assessment period: {{ dates.startDate | formatDate: 'long' }} — {{ dates.endDate | formatDate: 'long' }}scope
The assessment scope defined in the report.
| Variable | Type | Description |
|---|---|---|
scope.description | string | Scope description |
scope.entries | array | Scope entries |
Each entry in scope.entries:
| Variable | Type | Description |
|---|---|---|
type | string | ip, url, or other |
name | string | Entry label |
value | string | Entry value |
{% if scope.description %}
{{ scope.description }}
{% endif %}
{% for entry in scope.entries %}
{{ entry.type | uppercase }} — {{ entry.name }} — {{ entry.value }}
{% endfor %}TIP
Scope entries are best displayed using a table element in the visual editor with a row loop. See the Table documentation.
stats
Vulnerability count statistics.
| Variable | Type | Description |
|---|---|---|
stats.totalVulnerabilities | number | Total findings |
stats.criticalCount | number | Critical count |
stats.highCount | number | High count |
stats.mediumCount | number | Medium count |
stats.lowCount | number | Low count |
stats.informativeCount | number | Informational count |
Critical: {{ stats.criticalCount }}
High: {{ stats.highCount }}
Medium: {{ stats.mediumCount }}
Low: {{ stats.lowCount }}
Informational: {{ stats.informativeCount }}
Total: {{ stats.totalVulnerabilities }}TIP
Statistics are best displayed using a table element in the visual editor. You can use cell background colors to match severity levels.
vulnerabilities
Array of all findings in the report. Each vulnerability contains:
Core fields
| Variable | Type | Description |
|---|---|---|
title | string | Vulnerability title |
severity | string | Critical, High, Medium, Low, Info |
status | string | Finding status |
CVSS
Available when the vulnerability template includes a CVSS field.
| Variable | Type | Description |
|---|---|---|
cvss.score | string | Final score (prefers environmental > temporal > base) |
cvss.severity | string | Severity label for the final score |
cvss.baseScore | string | Base score |
cvss.baseSeverity | string | Base severity |
cvss.vector | string | CVSS vector string |
cvss.temporalScore | string | Temporal score (if enabled) |
cvss.temporalSeverity | string | Temporal severity |
cvss.environmentalScore | string | Environmental score (if enabled) |
cvss.environmentalSeverity | string | Environmental severity |
CVSS base metrics: cvss.AV, cvss.AC, cvss.PR, cvss.UI, cvss.S, cvss.C, cvss.I, cvss.A
Custom score
Available when the vulnerability template includes a custom score field.
| Variable | Type | Description |
|---|---|---|
customScore.score | number | Calculated score |
customScore.maxScore | number | Maximum possible score |
customScore.criteriaValues | object | Individual criteria scores |
Custom fields
Any field defined in your vulnerability template is accessible directly on the vulnerability object by its field name. Inside a loop, use the loop variable:
{% for vuln in vulnerabilities %}
{{ vuln.description }}
{{ vuln.remediation }}
{{ vuln.impact }}
{% endfor %}The available field names depend on your vulnerability template configuration. Multilingual fields automatically resolve to the report's language.
Looping examples
{% for vuln in vulnerabilities %}
{{ forloop.index }}. {{ vuln.title }}
Severity: {{ vuln.severity }} — CVSS: {{ vuln.cvss.score | score }}
{{ vuln.description }}
{% if vuln.remediation %}
Remediation:
{{ vuln.remediation }}
{% endif %}
{% pagebreak %}
{% endfor %}custom
Report-level custom variables defined in the template. Variable keys use dot-notation that gets converted to a nested structure.
For example, if your template defines variables with keys custom.introduction, custom.methodology.description, and custom.methodology.tools, they are accessible as:
{{ custom.introduction }}
{{ custom.methodology.description }}
{{ custom.methodology.tools }}Custom variables support rich text (HTML content), so they can include formatted text, lists, and other HTML elements configured in the report editor.