Sample reports
See exactly what your auditor sees.
Download the signed PDF plus JSON sidecar. Verify the Ed25519 signature against the public key at /.well-known/evidence-pack-pubkey.pem. Hand to your auditor as a reference for what to expect from your own report.
Browse sample reports
Real scans of well-known SaaS platforms and one of our own domains — none of them perfect, so you can see how findings, severity, and remediation actually render. Pick one to preview the artifact.
stripe.com
A-Audit-ready — enforced email auth, minor hardening left
View report →
vercel.com
A-Audit-ready — good defaults, DMARC not yet at reject
View report →
github.com
A-Audit-ready — heavy DKIM use, minor enforcement items
View report →
quantamentry.com
BFindings-rich — what a real fix list looks like
View report →
Or download the reference pack
A fictional example.com scan that demonstrates the full PDF + JSON layout without any real-world findings to interpret.
See methodology v1 — the exact rules used to produce these packs.