
Compliance Reports

CodeStax lets you export security review reports for audit trails, vendor assessments, and compliance evidence.

Accessing Reports

Navigate to Dashboard → Reviews → Compliance to access the compliance reports page.

What You Can Export

Each completed PR review can be exported as a report containing:

  • Review metadata: PR title, author, branch, provider, timestamps
  • Risk score: Overall score with severity breakdown
  • All issues found: File, line, severity, category, description, suggestion
  • Vibe coding score: AI-generated code probability
  • Scan duration and file statistics

Export Formats

Format | How to Use
JSON | Click “Export JSON” — structured data for programmatic access or GRC tool import
CSV | Click “Export CSV” — opens in Excel/Sheets for spreadsheet analysis
HTML | Click “Export” with format=pdf — print-ready HTML, use browser Print → Save as PDF

Batch Export

  1. Select multiple completed reviews using the checkboxes
  2. Click Export Selected to download all as a single JSON report
  3. The combined report includes metadata for each review plus all issues

Using Reports for Audits

Compliance reports serve as evidence for:

  • SOC 2 Type II (CC6, CC7): Demonstrates code is reviewed for security before deployment
  • ISO 27001 (A.12, A.14): Shows systematic vulnerability identification and remediation
  • OWASP Top 10: Proves coverage of common web application security risks
  • PCI-DSS (6.2, 6.3): Evidence of secure development lifecycle practices

Audit Readiness Checklist

Use this checklist to prepare for an audit:

  • All repositories are connected and scanned within the last 7 days
  • No critical or high findings are unresolved
  • Quality gates are enabled and enforced
  • SBOM is generated for production dependencies (via SCA module)
  • Scan history covers the audit period
  • Team members have appropriate RBAC roles assigned
  • Secret detection is enabled across all repositories

API Access

Export reports programmatically:

GET /api/reviews/{review_id}/export?format=json
GET /api/reviews/{review_id}/export?format=csv
GET /api/reviews/{review_id}/export?format=pdf

Requires a valid API key. See API Authentication for details.
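
One way to pull exports from the endpoints above into an audit evidence folder, with a SHA-256 manifest so an auditor can confirm the files were not altered after download. This is an added example, not CodeStax code: the base URL `https://codestax.example`, the `Authorization: Bearer` header and the manifest layout are assumptions; only the path and the three `format` values come from this page.

```python
import hashlib
import urllib.parse
import urllib.request

ALLOWED_FORMATS = ("json", "csv", "pdf")  # format values listed on this page


def export_url(base_url, review_id, fmt):
    """Build the export URL; reject unknown formats and cleartext transport."""
    if fmt not in ALLOWED_FORMATS:
        raise ValueError(f"unsupported format: {fmt!r}")
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("base_url must be https so the API key is not sent in cleartext")
    # Percent-encode the ID so a value like "a/b" or "1?x=y" cannot change the path or query.
    rid = urllib.parse.quote(str(review_id), safe="")
    return f"{base_url.rstrip('/')}/api/reviews/{rid}/export?format={fmt}"


def http_fetch(url, headers):
    """Default transport: plain GET with the caller-supplied auth headers."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()


def collect_evidence(base_url, review_ids, fmt, headers, fetch=http_fetch):
    """Download each export and return a manifest with a SHA-256 digest per report."""
    manifest = []
    for rid in review_ids:
        url = export_url(base_url, rid, fmt)
        body = fetch(url, headers)
        manifest.append({
            "review_id": rid,
            "format": fmt,
            "url": url,
            "bytes": len(body),
            "sha256": hashlib.sha256(body).hexdigest(),
        })
    return manifest


if __name__ == "__main__":
    # Constructed stand-in for the network so the example runs offline.
    def fake_fetch(url, headers):
        return b'{"constructed": true, "source": "' + url.encode() + b'"}'

    # Assumed header scheme; check API Authentication for the real one.
    hdrs = {"Authorization": "Bearer <API_KEY>"}
    for row in collect_evidence("https://codestax.example", ["101", "102"], "json", hdrs, fake_fetch):
        print(row["review_id"], row["sha256"], row["url"])
```

Store the manifest alongside the downloaded files and record its own digest in the audit ticket; re-hashing the files later shows whether the evidence changed.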