Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Export scan results in Burp Enterprise

Thomas | Last updated: Feb 02, 2019 07:34PM UTC

Is it possible to export the scan results of a Burp Enterprise scan e.g. as HTML or PDF? If yes how can I do that?

PortSwigger Agent | Last updated: Feb 04, 2019 11:26AM UTC

Currently this isn't possible. If you want to share scan results, we'd encourage you to instead create a view-only user so they can login and view the results. We think this is a more streamlined way of working and this will enable future features like annotations on issues. We will also be adding an HTML report feature in future.

PortSwigger Agent | Last updated: Feb 04, 2019 12:05PM UTC

Right here! Thomas' request counted as a vote and I will count yours also. If the lack of this feature is stopping you working, do include some details of that and the vote will be given more weight.

Burp User | Last updated: Feb 12, 2019 06:34PM UTC

Where can I put a vote in for exporting results?

Burp User | Last updated: Mar 13, 2019 03:36PM UTC

Ok ... sure. For most of our projects we need to provide certain evidence that our deployed code is frequently verified and our applications get scanned on a regular basis. Therefore many of our stakeholder, typically from customer side such as product owners, etc. demand access to the scan reports. As the scanner is running from within our premises it is a bigger effort to provide access to external users instead of just pushing the scan results to a jira ticket or send them to a project space. Besides that some projects are running the scan on a scheduled basis and want to get notified with a list of results after successful or unsuccessful execution instead of having to log in each and every time.

PortSwigger Agent | Last updated: Mar 13, 2019 04:48PM UTC

Regarding external users - understood completely. We do have Jira integration now, so this may be a viable alternative for you. Regarding scheduled scans - we are looking at a separate feature where email notifications are triggered on various events.

Rose, PortSwigger Agent | Last updated: Mar 14, 2019 05:02PM UTC

We hope to have something to share with you in the next release.

Burp User | Last updated: May 09, 2019 12:03AM UTC

Another vote from us as it makes it harder to show an auditor.

Burp User | Last updated: May 15, 2019 07:04PM UTC

I would definitely like to see an export to pdf feature. We need this for compliance reporting.

Rose, PortSwigger Agent | Last updated: May 16, 2019 07:53AM UTC

We'll be releasing a scan summary report in the next release, which can be exported as an HTML file. In future we plan to create a scan remediation report that can be exported as either HTML or PDF. We'll check back in when the scan summary report is released to find out whether the depth/breadth of the information meets our customers' needs.

Burp User | Last updated: May 17, 2019 06:18PM UTC

What is the timeline for the availability of these report export features? I have a client that is considering changing to your product, but from a compliance perspective, we must have the html/pdf/csv output in addition to json.

Liam, PortSwigger Agent | Last updated: May 20, 2019 09:14AM UTC

The latest release of Burp Enterprise includes an HTML Scan summary report, downloadable from the Scan results page. The report lists issues grouped by host and then issue type. For each issue the issue type, path, severity and confidence are included. There is an option to include or exclude any issues that are marked as false positive. Please let us know what, if any, additional information would be useful or is needed in this report.

Burp User | Last updated: Jul 31, 2019 08:50AM UTC

Thank you very much for providing this feature. It is exactly what we needed and solves our issue.

Sarah-Jane | Last updated: Jul 29, 2021 01:41PM UTC

It would still be helpful to have a pdf option. The interactive nature of the HTML report is useful in some contexts but auditors and other external parties do not appreciate broken links or anything that relies on connectivity.

Sarah-Jane | Last updated: Jul 29, 2021 01:41PM UTC

It would still be helpful to have a pdf option. The interactive nature of the HTML report is useful in some contexts but auditors and other external parties do not appreciate broken links or anything that relies on connectivity.

Michelle, PortSwigger Agent | Last updated: Jul 30, 2021 08:21AM UTC

Thanks for the feedback, we've passed that on to the team and added your vote for an option to have PDF format reports.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.