Public reports

Use public reports to share a tokenized customer-safe report only after publication gates pass and private evidence remains protected.

Business owners, agencies and reviewers

Feature availability

Product, package, provider and deployment boundaries for this page.

Available from: Current documentation
Deployment modes: cloud


Before sharing a public report

Use this page after [Publication gates](/docs/reports/publication-gates) show the report is ready for public sharing. A public report uses a tokenized URL so a customer, agency client or reviewer can read customer-safe findings without signing in. Public reports are not the same as private report pages. Private scan artifacts, internal review controls, raw screenshots, HTML snapshots, provider IDs, billing context and account-only actions must remain protected unless the product explicitly exposes a safe public summary.

Share a public report

Follow the path `Reports → Private report → Publication state → Public link → Share or export`.

  1. Open `/reports/{report}` after Publication gates show Ready for publish. Result: the private report shows Published or public state and link actions only for an eligible report.
  2. Open Public report or copy the customer-safe public report link. Result: `/r/{publicToken}` opens the customer-safe report without private artifacts, admin controls or internal-only notes.
  3. Review the public executive summary, findings, evidence boundaries and export links. Result: a shared reader sees scope, risk and limitations without account access.
  4. Confirm screenshots, HTML snapshots, provider IDs and private messages are absent or redacted. Result: the public link does not expose sensitive scan artifacts.
  5. Share only the intended client-safe URL. Result: customer or agency handoff uses the public route, not the private `/reports/{report}` route.
  6. Return to the private report if content, evidence or gate status changes. Result: public sharing and export decisions use the current gated report state.
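
A pre-share check for steps 4 and 5, as an added example that is not the product's own code: it confirms the handoff URL is the `/r/{publicToken}` route and flags any link or image in a saved copy of the public page that points at the private `/reports/` route. The host `app.example.test`, the token alphabet, the sample HTML and the idea that private artifacts would be served under `/reports/` are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Route shapes come from the page; the token alphabet is an assumption.
PUBLIC_ROUTE = re.compile(r"^/r/[A-Za-z0-9_-]+/?$")
PRIVATE_PREFIX = "/reports/"


class LinkCollector(HTMLParser):
    """Collect every href/src value in the rendered public report."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value)


def is_public_share_url(url):
    """True only for the tokenized /r/{publicToken} route."""
    return bool(PUBLIC_ROUTE.match(urlparse(url).path))


def private_route_refs(html):
    """Return links in the public page that point at the private report route."""
    collector = LinkCollector()
    collector.feed(html)
    # Match on the parsed path so /docs/reports/... help links are not flagged.
    return [u for u in collector.urls
            if urlparse(u).path.startswith(PRIVATE_PREFIX)]


# Constructed sample of a saved public report; host, ID and file path are placeholders.
SAMPLE_PUBLIC_HTML = """
<a href="/docs/reports/publication-gates">How gates work</a>
<a href="/docs/reports/pdf-and-print-export">Export help</a>
<img src="https://app.example.test/reports/42/screenshots/home.png">
"""

if __name__ == "__main__":
    print(is_public_share_url("https://app.example.test/r/tok_EXAMPLE123"))
    print(private_route_refs(SAMPLE_PUBLIC_HTML))
```

An empty result from `private_route_refs` only shows that no private-route links are present; the manual review in step 4 still covers provider IDs and private messages embedded in the text.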

Public report states

Check the public state before sending a link.

  • Published means the tokenized public route is enabled and can be shared with the intended reader.
  • Private means the report can be reviewed by authenticated account users but public routes stay unavailable.
  • Token exists but disabled means the report may keep a stable token while public access is intentionally off.
  • Expired means the link should not be sent until the product refreshes or re-enables public access.
  • Agency client-safe means white-label and client portal settings may change the wrapper, but private artifacts still stay protected.

Blocked or unsafe sharing states

Stop public sharing when the report is not safe to expose.

  • Publication blocked means return to [Publication gates](/docs/reports/publication-gates) and resolve the exact gate reason.
  • Sensitive evidence means use [Privacy redaction](/docs/projects/privacy-redaction) before sharing the report externally.
  • Unsupported legal wording means use [Legal boundary wording](/docs/reports/legal-boundary-wording) before sending the link.
  • Wrong audience means use [Share client reports](/docs/accounts/share-client-reports) before agency handoff or client portal sharing.
  • Report content changed means return to the private report and confirm gates again before reusing the public URL.

Continue to PDF and print export

Continue to [PDF and print export](/docs/reports/pdf-and-print-export) when the public report is safe and the recipient needs a static copy. Keep the public link private until the current report state, evidence boundaries and sharing audience are all clear.
