Skip to Content
Detectify for CompliancePCI ASV ScanningReports & Evidence

Reports & Evidence

Detectify ASV Scanning provides compliance-ready reports that you can submit to payment processors, acquirers, and auditors as evidence of PCI DSS compliance.

Report Types

Each completed scan generates four report types:

ReportDescriptionWhen to Use
AoSC (Attestation of Scan Compliance)The official compliance attestation required by PCI DSS. Only issued for passing scans.Submit to your payment processor or acquirer as proof of compliance.
Executive ReportA high-level summary of scan results.Share with management and non-technical stakeholders.
Detailed ReportFull technical data on all findings, including vulnerability details and CVSS scores.Use for internal security review and remediation planning.
Remediation ReportRecommended steps to resolve identified vulnerabilities.Hand off to your engineering team to fix failing issues.

Downloading Reports

From the Profiles List

On the ASV Scanning page, profiles with completed scans show a Download latest reports button in the Actions column. This downloads a ZIP archive containing all four report types from the most recent scan with results.

From the Scan History

On a profile’s detail page, each completed scan in the Scan History table has a Download button. This downloads the reports for that specific scan.

Dual Branding

Reports carry both Detectify and Clone Systems branding. This is required by PCI SSC guidelines, as Clone Systems is the certified ASV that performs the underlying scanning. The dual branding ensures the reports are recognized as valid by auditors and payment processors.

Report Retention

Reports are stored for 3 years from the scan date. After this period, reports are automatically removed.

We recommend downloading and storing reports in a secure location if you need to retain them beyond the 3-year window.

Using Reports for Compliance

Submitting to Payment Processors

To demonstrate PCI DSS compliance to your payment processor (Stripe, Adyen, etc.):

  1. Download the AoSC from your most recent passing scan
  2. Submit it along with your signed Attestation of Compliance (AOC) to your payment processor
  3. Request removal of any non-compliance fees

Audit Preparation

For formal audits, prepare:

  • AoSC reports from at least the last four quarterly scans (one year of history)
  • Detailed reports showing vulnerability remediation over time
  • Evidence of your scan schedule configuration (monthly or quarterly)

Billing Information in Reports

Your organization’s billing information is automatically populated in compliance reports so they accurately identify your organization for auditor review.

Last updated on
Scan Results & ComplianceHow It Works