What Kind of Reports Can Be Generated Based on Risk Scoring?

Mend.io enables teams to generate reports that use risk scoring to evaluate the security and compliance posture of their applications. Rather than presenting raw vulnerability counts or license lists, these reports combine contextual risk indicators so that teams can prioritize what matters most. Risk scores in Mend.io are based on factors such as CVSS severity, reachability (whether the vulnerable code is actually called from your application), exploit maturity, and legal exposure. Because a risk score folds in this context, it is not the same thing as a CVSS base score: two findings with identical CVSS scores can carry very different risk, and that difference is what supports better remediation and approval decisions.

  1. Vulnerabilities Report (security vulnerabilities)
    The Vulnerabilities Report highlights security weaknesses found across your projects, including those in open-source components, container images, and proprietary code. For each finding it provides details such as the CVSS score, reachability status, and remediation recommendations, so that teams can prioritize fixes by actual exploitability and business impact rather than by severity alone.

  2. Due Diligence Report (licensing risks)
    The Due Diligence Report offers a comprehensive view of the licensing obligations and legal risks associated with the open-source software in your codebase. It consolidates key metadata for each component, such as license type, risk score, and approval status, so that legal and security teams can make informed decisions about license compliance and the legal exposure introduced through the software supply chain.
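
The following is an added illustration of the prioritization idea behind the Vulnerabilities Report: a reachable, actively exploited medium-severity finding can outrank an unreachable critical one. It is example code written for this page, not Mend.io's scoring implementation; the reachability discount, the exploit-maturity bonus, the Finding fields and the sample findings are all assumptions chosen for illustration, and Mend's actual formula is not reproduced here.

```python
"""Illustrative prioritisation of vulnerability findings by contextual risk.

Added example, not Mend.io code. The ordering rules and weights below are
assumptions that show why a reachable, exploited medium-severity finding
can outrank an unreachable critical one.
"""
from dataclasses import dataclass
from typing import List, Optional

# Exploit-maturity labels follow the CVSS v3.1 Temporal metric values
# (Unproven / Proof-of-Concept / Functional / High), ranked low to high.
EXPLOIT_MATURITY_RANK = {"unproven": 0, "poc": 1, "functional": 2, "high": 3}


@dataclass(frozen=True)
class Finding:
    component: str
    cve: str                   # placeholder identifier, not a real CVE
    cvss: float                # CVSS base score, 0.0-10.0
    reachable: Optional[bool]  # True/False, or None when not analysed
    exploit_maturity: str      # key of EXPLOIT_MATURITY_RANK


def contextual_score(f: Finding) -> float:
    """Assumed scoring: CVSS base scaled by reachability, plus exploit maturity.

    - code paths shown to be unreachable are scaled down hard (assumed 0.2),
    - unknown reachability gets no discount, so missing analysis never hides
      a finding,
    - exploit maturity adds up to +2.0 (assumed), result capped at 10.0.
    """
    if f.exploit_maturity not in EXPLOIT_MATURITY_RANK:
        raise ValueError(f"unknown exploit maturity {f.exploit_maturity!r}")
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"CVSS out of range: {f.cvss}")
    reach_factor = 0.2 if f.reachable is False else 1.0
    maturity_bonus = EXPLOIT_MATURITY_RANK[f.exploit_maturity] * (2.0 / 3)
    return round(min(10.0, f.cvss * reach_factor + maturity_bonus), 2)


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Highest contextual score first; ties broken by raw CVSS."""
    return sorted(findings, key=lambda f: (contextual_score(f), f.cvss), reverse=True)


# Constructed sample findings (not real scan output).
SAMPLE_FINDINGS = [
    Finding("libfoo", "CVE-EXAMPLE-1", 9.8, False, "high"),      # critical, unreachable
    Finding("libbar", "CVE-EXAMPLE-2", 6.5, True, "poc"),        # medium, reachable, PoC
    Finding("libbaz", "CVE-EXAMPLE-3", 7.5, None, "unproven"),   # high, not analysed
    Finding("libqux", "CVE-EXAMPLE-4", 4.3, True, "functional"), # medium, reachable, exploit
]


def ranked_components(findings: List[Finding] = SAMPLE_FINDINGS) -> List[str]:
    """Component names in remediation order for the sample set."""
    return [f.component for f in prioritize(findings)]


if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{f.component:8} {f.cve:14} cvss={f.cvss:<4} "
              f"reachable={str(f.reachable):5} maturity={f.exploit_maturity:9} "
              f"score={contextual_score(f)}")
```

With these assumed weights the unreachable critical (libfoo, CVSS 9.8) drops to the bottom of the queue while the reachable medium (libbar, CVSS 6.5) rises above it; a finding whose reachability was never analysed keeps its full CVSS weight so that a gap in analysis never suppresses a finding.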
