Finding Editor and Version History

How to use the Markdown finding editor, attach evidence screenshots, configure CVSS scoring, and manage version history.

The finding editor is where security auditors log vulnerability findings.

Writing in Markdown

The description and remediation fields support standard Markdown syntax. The editor displays a Split Preview layout:

  • Left Column: Edit raw Markdown code.
  • Right Column: Renders formatting, list items, and code highlights live as you type.

Risk and CVSS Scoring

Set a severity level (Critical, High, Medium, Low, Informational) to prioritize the finding. Enter the numeric Common Vulnerability Scoring System (CVSS) v3.1 score (e.g. 8.8) to record the objective score.

Uploading Evidence

To add context to a finding, upload proof-of-concept screenshots:

  1. Drag and drop your image files into the editor's upload zone or click to select files.
  2. Once the server finishes processing the upload, it displays a thumbnail list.
  3. The server generates a unique file URL for each screenshot.

Note: Uploading an image generates the file URL but does not immediately commit it to the finding record. You must click Save on the finding page to commit these URLs into the active finding version.

Tracking Version History

Pentographer keeps an immutable history of every save:

  • Every time you click Save, the application creates a new version entry.
  • You can view older snapshots in the version history panel.
  • Click Restore on any historic entry to revert the draft to that snapshot (restoring creates a new chronological version rather than deleting history).

Managing Finding Status

Each finding carries a status (Open, In Review, Remediated, Accepted Risk, or False Positive) that you update as the engagement progresses. Click the status badge at the top of the editor to change it. Status affects which findings appear in risk summary counts and which are included in published reports. See Finding Status Workflow for the full lifecycle and report implications.

Integrating Playbooks and AI Tools

To speed up finding write-ups, you can integrate playbooks and AI writing tools:

  • Checklist Mapping: Link the finding to a pre-configured playbook item to auto-populate titles, risk levels, and descriptions. For more information, read the Playbook Management guide.
  • AI Drafting: Use Claude to expand raw notes or draft remediations on the fly. See the AI Drafting Assistant guide to learn about AI-assisted writing.
