What are Security Reports?

Overview

Security reports are structured outputs generated by application security scanning tools that identify, categorize, and summarize potential vulnerabilities in source code and software components. In Procurize AI, security reports are primarily produced by SonarQube and focus on industry-recognized vulnerability standards.

These reports provide a consistent, machine-readable way to assess application security posture across products and versions.

What Security Reports Contain

A typical security report includes:

  • Identified security vulnerabilities
  • Vulnerability classifications and categories
  • Severity or risk indicators
  • Affected components or code paths (excluded from public reports for security reasons)
  • Scan execution metadata (tool, date, version)

This information enables teams to track security risks, prioritize remediation, and demonstrate compliance.

Supported Security Standards

Procurize AI supports SonarQube security reports aligned with widely used standards, including:

These standards provide a shared language for developers, security teams, and auditors.

Role of Security Reports in Procurize AI

Within Procurize AI, security reports are:

  • Uploaded programmatically via the SonarQube Reports API
  • Stored in a centralized Security Reports Repository
  • Organized by product and version
  • Exposed through dashboards, exports, and integrations

Security reports serve as the foundational data layer for compliance reporting, security monitoring, and automation workflows.

Security reports repository

How to Configure Security Reports

SonarQube Reports API

SonarQube Reports Webhooks
