Scan Reports

See What You Get

Every ShipShield scan produces a comprehensive security report with findings, severity scores, and step-by-step remediation. Here is what it looks like.

Example Findings

A preview of what a scan report surfaces.

1. Missing Content-Security-Policy Header
Category: Security Headers · Severity: high

No CSP header detected. This removes a key browser-side defense against XSS, clickjacking, and data injection attacks.

2. SSL Certificate Expiring in 12 Days
Category: SSL/TLS · Severity: medium

Certificate expires on April 2, 2026. Renew before expiration to avoid browser trust warnings.

3. X-Frame-Options Header Not Set
Category: Security Headers · Severity: medium

Without X-Frame-Options, the site can be embedded in iframes on other domains, enabling clickjacking.

4. Server Version Exposed in Headers
Category: Information Disclosure · Severity: low

The Server header reveals nginx/1.24.0. Attackers can match that version against known vulnerabilities.
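The four findings above can be reproduced with a small checker run against your own server's response headers. The script below is an added example, not ShipShield's scanner or its scoring formula: it takes a dict of response headers plus an optional certificate expiry date, emits findings in the same title/category/severity shape as the report, and derives a 0-100 risk score from an assumed severity weighting (30/15/5, capped at 100) and an assumed 30-day expiry warning threshold. The sample headers and dates are constructed. It also handles one caveat the report does not mention: a CSP `frame-ancestors` directive supersedes X-Frame-Options, so that finding is only raised when neither control is present.

```python
import re
from datetime import date

# Constructed sample: response headers as a dict, as urllib or requests would expose them.
SAMPLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Server": "nginx/1.24.0",
}

# Assumed weighting for the 0-100 risk score; the page gives no formula.
SEVERITY_WEIGHT = {"high": 30, "medium": 15, "low": 5}
CERT_WARN_DAYS = 30  # assumed threshold for an expiry warning


def _finding(title, category, severity, detail):
    return {"title": title, "category": category, "severity": severity, "detail": detail}


def check_headers(headers, cert_not_after=None, today=None):
    """Return report-style findings for one HTTP response.

    headers: mapping of response header names to values (any letter case).
    cert_not_after: optional date on which the TLS certificate expires.
    today: reference date for the expiry check (defaults to date.today()).
    """
    h = {k.lower(): v for k, v in headers.items()}
    today = today or date.today()
    findings = []

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append(_finding(
            "Missing Content-Security-Policy Header", "Security Headers", "high",
            "No CSP header detected. Add a policy that restricts script and frame sources."))

    # CSP frame-ancestors supersedes X-Frame-Options in modern browsers,
    # so only flag X-Frame-Options when neither control is present.
    has_frame_ancestors = csp is not None and "frame-ancestors" in csp
    if "x-frame-options" not in h and not has_frame_ancestors:
        findings.append(_finding(
            "X-Frame-Options Header Not Set", "Security Headers", "medium",
            "Set X-Frame-Options: DENY or SAMEORIGIN (or a CSP frame-ancestors directive)."))

    # A Server value like "nginx/1.24.0" carries a version; "nginx" alone does not.
    server = h.get("server", "")
    if re.search(r"/\d", server):
        findings.append(_finding(
            "Server Version Exposed in Headers", "Information Disclosure", "low",
            f"The Server header reveals {server}. Strip the version string."))

    if cert_not_after is not None:
        days_left = (cert_not_after - today).days
        if days_left < 0:
            findings.append(_finding(
                "SSL Certificate Expired", "SSL/TLS", "high",
                f"Certificate expired {-days_left} days ago. Renew immediately."))
        elif days_left <= CERT_WARN_DAYS:
            findings.append(_finding(
                f"SSL Certificate Expiring in {days_left} Days", "SSL/TLS", "medium",
                f"Certificate expires on {cert_not_after.isoformat()}. Renew before expiration."))

    return findings


def risk_score(findings):
    """0-100 score: sum of severity weights, capped at 100 (assumed formula)."""
    return min(100, sum(SEVERITY_WEIGHT[f["severity"]] for f in findings))


def demo_report():
    """Run the checker over the constructed sample; the dates are constructed too."""
    findings = check_headers(SAMPLE_HEADERS,
                             cert_not_after=date(2026, 4, 2), today=date(2026, 3, 21))
    return findings, risk_score(findings)


if __name__ == "__main__":
    report, score = demo_report()
    for n, f in enumerate(report, 1):
        print(f"{n}. {f['title']} [{f['category']}, {f['severity']}]\n   {f['detail']}")
    print("Risk score:", score)
```

Run it as-is to see the four sample findings and a score of 65; to check a live site of your own, pass the response's header mapping and the certificate's not-after date from your TLS library in place of the constructed values.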

What Every Report Includes

Detailed Findings

Every vulnerability with severity, category, affected resource, and proof of detection.

Risk Score

An overall risk score from 0 to 100 based on the number and severity of findings.

Remediation Steps

Actionable fix instructions for each finding, with code snippets where applicable.

Trend Comparison

See how your results compare to the average across all ShipShield scans.

Executive Summary

A high-level overview suitable for sharing with stakeholders and non-technical team members.

PDF Export

Download a polished PDF report for compliance documentation, audits, or client deliverables.

Only available with ShipShield ($25)

Go Deeper With a Full Codebase Audit

The free scan checks what's visible from the outside. A full ShipShield audit connects to your GitHub repo and analyzes your actual source code, dependencies, infrastructure, and more, covering 5,000,000+ vulnerability signatures.

Exposed Secrets

API keys, credentials, and tokens buried in code and git history

Auth & Authorization

Missing auth checks, weak JWT config, privilege escalation paths

Injection Vulnerabilities

SQL injection, XSS, SSRF, and command injection in your source code

Dependency CVEs

Known vulnerabilities across npm, pip, cargo, and go packages

AI Business Logic Review

AI-powered analysis of input validation, race conditions, and logic flaws

Sensitive Data Flows

PII logging, unencrypted data transmission, and storage issues

Infrastructure Security

Rate limiting, request size limits, and file upload restrictions

Docker & Container Scanning

Container misconfigs, exposed ports, running as root, OS-level CVEs

License Compliance

GPL/AGPL copyleft detection across all your dependencies

SBOM Generation

SPDX-format Software Bill of Materials for compliance and audits

Supply Chain Security

Typosquatting detection and suspicious package analysis

Professional PDF Report

Detailed findings with severity ratings, code references, and AI-powered fix suggestions

Get a Full Codebase Audit for $25

Scans complete in 2-8 minutes · Automatic refund if scan fails