Reports & exports
Every completed scan produces a structured report. You can read it in the dashboard or download it in any of four formats. Available formats depend on your plan.
What's in a report
- Executive summary — risk rating, top-line narrative, identified attack chains.
- Findings — every confirmed issue, sorted by severity, with evidence and remediation guidance.
- Coverage — what was tested, including tools the agent ran and services it discovered.
- Audit trail — full sequence of tool calls and decisions the agent made (also available as
agent_stepsvia the API).
Available formats
| Format | Endpoint | Use case |
|---|---|---|
| Markdown | GET /scans/{id}/report.md | GitHub issues, Slack posts, copy-paste into docs. |
| HTML | GET /scans/{id}/report.html | Branded, printable, viewable in browser. |
GET /scans/{id}/report.pdf | Stakeholders, board packs, compliance evidence. | |
| CSV | GET /scans/{id}/findings.csv | SIEM ingestion, ticketing imports, spreadsheets. |
Plan availability
| Format | Free | Starter+ |
|---|---|---|
| Markdown | Watermarked | Clean |
| HTML | Watermarked | Clean |
| Not available | Clean | |
| CSV | Not available | Clean |
Free-tier reports carry a DEMO — NOT FOR COMPLIANCE USE watermark and expire after 7 days. PDF and CSV exports are gated to paid plans, as is indefinite retention.
Downloading from the dashboard
Open a completed scan and use the download buttons in the header card. The dashboard sends the request with your session token; no extra auth needed.
Downloading via the API
All four endpoints require Authorization: Bearer <token> — either a Clerk JWT or a pt_ API token. They return the raw file content with the appropriate Content-Type.
curl -O -J \
-H "Authorization: Bearer pt_..." \
https://pwnkemon.com/api/scans/<scan_id>/report.pdfReport retention
On paid plans, reports are stored indefinitely. On the Free plan, reports auto-delete 7 days after the scan completes — the API returns HTTP 410 Gone after that, and the dashboard shows "Report expired". Re-running the scan produces a fresh report with a new expiry.
Webhook delivery
If you provide a callback_url when launching a scan, Pwnkemon will POST the final report payload (JSON) to that URL on completion. See webhooks.