Buyers in 2026 do not accept a CSV of findings. They want a signed PDF that maps each issue to ISO 27001 Annex A, SOC 2 Trust Services Criteria, and the OWASP Top 10 - in language a procurement reviewer can read. NANOTESTING bakes that mapping into every scan.
Click 1: generate the report
Open any completed scan and click Generate compliance report. The worker pulls every finding from this scan (filtered by last_scan_id so re-detected items get counted, exactly like the dashboard), runs each through our category-to-control map, and renders a multi-page PDF.
Click 2: download the PDF
The report carries:
- Cover with the issuing entity (Sodasoft LLC), report number (NT-REP-2026-NNNNNN), and SHA-256 fingerprint.
- OWASP Top 10 (2025) mapping for every finding, in tabular form.
- ISO 27001 Annex A mapping (A.5, A.8, A.13 controls).
- SOC 2 Trust Services Criteria (CC6.1, CC6.6, CC7.1, CC8.1).
- Per-control evidence: the URL, the CWE, the priority score, the remediation note.
Every PDF is reproducibly fingerprinted. Recomputing SHA-256(scan_job_id | finding_count | generated_at[min] | format_version) against the report inputs gives the same prefix. Any byte that changes the content shows up as a fingerprint mismatch.
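As an added illustration (not NANOTESTING's own code), here is how a buyer-side check of that fingerprint could be written in Python. The literal "|" separator, the UTC minute encoding of generated_at, the format_version value and the minimum prefix length are assumptions; the page gives the formula, not the byte layout.

```python
import hashlib
from datetime import datetime, timezone

# Assumed encoding details (not stated on the page):
#   - fields are joined with a literal "|"
#   - generated_at[min] is the UTC timestamp truncated to the minute, "YYYY-MM-DDTHH:MMZ"
#   - format_version is a short string such as "1"
ASSUMED_FORMAT_VERSION = "1"

# Constructed sample timestamps, not from a real report; both fall in the same minute.
SAMPLE_GENERATED_AT = datetime(2026, 3, 14, 9, 41, 27, tzinfo=timezone.utc)
SAMPLE_GENERATED_AT_SAME_MINUTE = datetime(2026, 3, 14, 9, 41, 59, tzinfo=timezone.utc)


def canonical_inputs(scan_job_id: str, finding_count: int, generated_at: datetime,
                     format_version: str = ASSUMED_FORMAT_VERSION) -> str:
    """Build the exact string that gets hashed; any drift here changes the fingerprint."""
    if generated_at.tzinfo is None:
        raise ValueError("generated_at must be timezone-aware to truncate reproducibly")
    minute = generated_at.astimezone(timezone.utc).replace(second=0, microsecond=0)
    return "|".join([scan_job_id, str(finding_count),
                     minute.strftime("%Y-%m-%dT%H:%MZ"), format_version])


def report_fingerprint(scan_job_id: str, finding_count: int, generated_at: datetime,
                       format_version: str = ASSUMED_FORMAT_VERSION) -> str:
    """SHA-256 of the canonical inputs as a lowercase hex digest."""
    data = canonical_inputs(scan_job_id, finding_count, generated_at, format_version)
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def matches_printed_prefix(printed_prefix: str, scan_job_id: str, finding_count: int,
                           generated_at: datetime,
                           format_version: str = ASSUMED_FORMAT_VERSION) -> bool:
    """True when the recomputed digest starts with the prefix printed on the cover.

    This binds the report metadata listed in the formula; the PDF signature is a
    separate check and is what covers the document bytes themselves.
    """
    prefix = printed_prefix.strip().lower()
    if len(prefix) < 12:  # assumed minimum; a very short prefix matches too easily
        return False
    return report_fingerprint(scan_job_id, finding_count, generated_at,
                              format_version).startswith(prefix)


if __name__ == "__main__":
    fp = report_fingerprint("scan-0001", 17, SAMPLE_GENERATED_AT)
    print(fp[:16], matches_printed_prefix(fp[:16], "scan-0001", 17, SAMPLE_GENERATED_AT))
```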
Click 3: share
Send the PDF to the customer's security or procurement team. They get the OWASP + ISO + SOC 2 mapping in a form their internal reviewers already use. We also expose /verify/scan/<id> so a buyer can confirm the scan id printed on the report came from a real run inside NANOTESTING.
This is the workflow that replaces three hours of consultant time on every vendor questionnaire. The mapping is automated, the language is consistent, and the signing keeps anyone from forwarding an altered PDF as authentic.
Try it on a real scan in your dashboard.