Resolve allows custom Microsoft Word reports to be made through the use of templates. These templates contain placeholders that will populate data at the time of report generation. Resolve uses the docx-templates library for this dynamic report generation. The documentation for that library can be found here. Additionally, an introduction to the Resolve-specific use cases is below.


The command delimiter

In Word templates, every dynamic field should begin and end with +++. For example, to insert a project name you would type:

+++project.name+++

All commands inside the delimiters use standard JavaScript notation. Any objects provided to the template can be accessed without a preceding $. All objects created inside the template (e.g. in a for-each loop, see below for examples) should be preceded by a $.


Template Objects

Depending on the report entity, a set of default objects is provided to the template. Outlined below are all fields available for each supported Entity template type; any non-standard fields are included inline. To see which data each entity always contains, please view Entity Fields.

Table 1. Project Entity Template Fields

Field: Description

project: No non-standard fields. Only available for single record templates.

projects: No non-standard fields. Only available for multiple record templates.

findings:
[{
  instances: [{}] //An array of instances for this finding
}]

instances:
[{
  verifications: [{}] //An array of verifications for this instance
}]

verifications: No non-standard fields

assets:
[{
  formattedHost: 'DNS name' || 'host name' || null
}]

projectRoles:
{
 [Role Name]: [{}] //An array of users with that role
}

owaspMap:
{
 [Numeric OWASP category]: boolean //true if any findings for that category were found
}

owaspMobileMap:
{
 [Numeric Mobile OWASP category]: boolean //true if any findings for that category were found
}

owaspRemediationMap:
{
 [Numeric OWASP category]: 'Remediated' || 'Not Remediated' || 'Partially Remediated' || 'N/A'
}

owaspMobileRemediationMap:
{
 [Numeric Mobile OWASP category]: 'Remediated' || 'Not Remediated' || 'Partially Remediated' || 'N/A'
}

masterFindingsBySeverity: An array of severities, each containing a masterFindings property for all master findings with that severity

findingsBySeverity: An array of severities, each containing a findings property for all findings with that severity

Table 2. Asset Entity Template Fields

Field: Description

assets: No non-standard fields

Table 3. Application Entity Template Fields

Field: Description

applications: No non-standard fields

Table 4. Scan Entity Template Fields

Field: Description

scans: No non-standard fields

Table 5. User Entity Template Fields

Field: Description

users: No non-standard fields

Table 6. Finding Entity Template Fields

Field: Description

findings:
[{
  instances: [{}] //An array of instances for this finding
}]

instances: No non-standard fields

masterFindingsBySeverity: An array of severities, each containing a masterFindings property for all master findings with that severity

findingsBySeverity: An array of severities, each containing a findings property for all findings with that severity

Output specific entity field values

If you know the name of the field whose value you need, use JavaScript object notation and specify the field name. For example, if you want to export just the description of the selected entity, use:

$item.description


Looping with foreach

Use a FOR ... END-FOR block to loop through a list such as findings:

+++FOR finding IN findings+++
+++$finding.name+++
+++END-FOR finding+++


Conditional Statements

Use an IF ... END-IF block to include content only when a condition is true:

+++IF $finding.severity === 'High'+++
Warning: this is a high severity finding.
+++END-IF+++


Rendering HTML

To render rich text contents, call the formatHtml function and use the HTML command delimiter.

+++HTML formatHtml($finding.description)+++


Custom Formatting

With the EXEC command, any valid JavaScript can be run inside the delimiters. To apply additional formatting to an object, try:

+++EXEC $finding.name += ' Finding'+++
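
Because EXEC accepts any valid JavaScript and HTML inserts rendered markup, it helps to review a template's commands before using it. The following is an added example, not part of Resolve or docx-templates: a small Node.js linter that extracts the +++ commands, checks that FOR and IF blocks are closed, flags loop variables used without $, and lists EXEC and HTML commands for review. The function name lintTemplate and the sample text are hypothetical, and the template body is assumed to be already extracted from the .docx as plain text.

```javascript
// Added example: lintTemplate() and the sample text are constructed for illustration.
// Input is the template body as plain text (extraction from the .docx is assumed).
function lintTemplate(text) {
  const issues = [];
  const review = [];           // EXEC / HTML commands a reviewer should read
  const open = [];             // stack of currently open FOR / IF blocks
  const loopVars = new Set();  // names created by FOR, which must be used as $name
  const parts = text.split('+++');
  // Balanced delimiters always split the text into an odd number of parts.
  if (parts.length % 2 === 0) issues.push('unbalanced +++ delimiter');
  for (let i = 1; i < parts.length; i += 2) {
    const cmd = parts[i].trim();
    let m;
    if ((m = /^FOR\s+(\w+)\s+IN\s+/.exec(cmd))) {
      open.push({ kind: 'FOR', name: m[1] });
      loopVars.add(m[1]);
      continue;
    }
    if (/^IF\s/.test(cmd)) open.push({ kind: 'IF' });
    else if ((m = /^END-(FOR|IF)\b/.exec(cmd))) {
      let top = open.pop();
      // Blocks still open inside the one being closed are reported as unclosed.
      while (top && top.kind !== m[1]) {
        issues.push(`unclosed ${top.kind}`);
        top = open.pop();
      }
      if (!top) issues.push(`unexpected ${cmd}`);
      else if (top.kind === 'FOR') loopVars.delete(top.name);
    } else if (/^(EXEC|HTML)\s/.test(cmd)) review.push(cmd);
    // A loop variable followed by "." but not preceded by "$" is a likely mistake.
    for (const v of loopVars) {
      if (new RegExp(`(^|[^$\\w.])${v}\\.`).test(cmd)) {
        issues.push(`'${v}' used without $ in: ${cmd}`);
      }
    }
  }
  for (const b of open) issues.push(`unclosed ${b.kind}`);
  return { issues, review };
}

// Constructed sample: a loop variable without $, an EXEC, and an IF with no END-IF.
const sample = [
  "+++FOR finding IN findings+++",
  "+++finding.name+++",
  "+++IF $finding.severity === 'High'+++",
  "+++EXEC $finding.name += ' Finding'+++",
  "+++END-FOR finding+++",
].join('\n');
console.log(lintTemplate(sample));
```

Word can split a delimiter across formatting runs, so run the check on text extracted with formatting removed.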