Understand report evidence

Before interpreting evidence

Use this page after a live audit is completed and a private report is available. The report evidence explains what WebRiskOps observed, why a finding exists, how confident the product is, and which automated next actions are safe. Do not start remediation, ticket export, PDF export or public sharing from the score alone. Open the issue evidence first, then decide whether the finding is actionable, incomplete, a likely false positive or blocked by a publication gate.

Review the report evidence flow

Follow the path `Reports → Private report → Summary → Top findings → Issue evidence → Next action` from `/reports/{report}`.

1. Open /reports after the live audit reaches Completed. Result: the Reports list shows the newest private report with project name, status and issue count.
2. Open the report for the project. Result: the report summary shows Risk score, Findings, Status, scanned pages and top findings for the same scan run.
3. Read Top findings before acting. Result: severity, category, confidence and affected page show why each issue is prioritized.
4. Open the highest-severity finding. Result: issue evidence shows observed URL, evidence text, screenshot or artifact availability, fingerprint and suggested remediation context.
5. Compare evidence with screenshots, HTML snapshots, console and network artifacts when available. Result: you know what the scanner observed versus what is inferred from deterministic checks.
6. Choose the next action only after evidence is complete. Result: remediation, ticket export, publication, PDF or false-positive review starts from an evidence-backed finding.

What evidence fields mean

Evidence fields explain both priority and proof. Read them together before assigning work or sharing the report.

• Severity shows likely customer or business impact if the issue is real.
• Category groups the finding into a product area such as security, accessibility, consent, checkout or content quality.
• Confidence shows how strongly the scan evidence supports the finding.
• Evidence describes the scanner observation in customer-readable language.
• Screenshot and artifact paths show whether visual, HTML, console or network context is available.
• Fingerprint lets later retests and monitoring compare the same issue without treating every wording change as a new finding.

Incomplete or blocked evidence states

Incomplete evidence is a decision point, not a reason to invent proof.

• Evidence incomplete means continue to [Evidence, screenshots and artifacts](/docs/reports/evidence-screenshots-and-artifacts) before publishing or exporting.
• Screenshot unavailable means use the artifact reason and scan coverage notes instead of claiming visual proof exists.
• Report publication blocked means continue to [Publication gates](/docs/reports/publication-gates) and keep the report private until the gate is clear.
• Likely false positive means continue to [False-positive review](/docs/reports/false-positive-review) before starting remediation work.
• Skipped or failed pages means continue to [Failure and skipped-page meanings](/docs/projects/failure-and-skipped-page-meanings) so missing evidence stays tied to scan coverage.

Continue from report evidence

Continue to [Severity, categories and confidence](/docs/reports/severity-categories-and-confidence) when you need to interpret priority and certainty. Continue to [Issue fingerprints](/docs/reports/issue-fingerprints) before retests or monitoring, and use [Publication gates](/docs/reports/publication-gates) before public reports, PDF export or external sharing.