Skip to main content
Neo consolidates security findings from multiple tools and sources into unified, actionable reports. It parses outputs from SAST, DAST, dependency scanners, pentests, and cloud security tools, deduplicates findings, correlates issues, prioritizes by risk, and generates comprehensive reports tailored to different audiences.

How it works

  1. Data ingestion: Neo reads outputs from multiple security and development tools
  2. Parsing and normalization: Converts different formats into a unified data model
  3. Deduplication: Identifies and merges duplicate findings across tools
  4. Correlation: Links related findings and identifies attack chains
  5. Risk prioritization: Scores findings by exploitability, impact, and business context
  6. Report generation: Creates tailored reports for developers, security teams, and executives
  7. Tracking: Monitors remediation progress and generates trend analysis

Prerequisites

  • Security tool outputs in Files (JSON, XML, CSV, SARIF, or text)
  • Optional: Jira or Linear integration for ticket correlation
  • Optional: Previous scan results in Files for trend analysis
  • Environment Variables for tool configurations and credentials

Automated Tool Integration

To avoid manual work, configure your security tools to automatically send results to Neo: Upload security tool outputs directly to Files where Neo can automatically access them: Configure your CI/CD pipeline to upload scan results via Neo API: 
# Example: GitHub Actions
- name: Run Semgrep
  run: semgrep --config auto --json > semgrep-results.json

- name: Upload to Neo Files via API
  run: |
    curl -X POST https://api.neo.projectdiscovery.io/files/upload \
      -H "Authorization: Bearer $NEO_API_TOKEN" \
      -F "[email protected]" \
      -F "path=security-scans/$(date +%Y-%m-%d)/semgrep-results.json"
Organize by date or release: 
Files/
  security-scans/
    2024-11-03/
      semgrep-backend.json
      trivy-dependencies.json
      nuclei-web.json
    2024-11-10/
      semgrep-backend.json
      trivy-dependencies.json
Neo automatically monitors Files and can detect new scan results.

Option 2: Direct Tool API Integration

Configure Neo to fetch results directly from your security tools via API: In your Neo account Environment Variables, add:
  • SEMGREP_API_TOKEN: For fetching Semgrep Cloud results
  • SNYK_API_TOKEN: For accessing Snyk vulnerability data
  • SONARQUBE_URL and SONARQUBE_TOKEN: For SonarQube integration
  • GITHUB_TOKEN: For GitHub Code Scanning alerts
  • JIRA_URL and JIRA_API_TOKEN: For vulnerability tickets
Example prompt: “Fetch the latest scan results from Semgrep Cloud, Snyk, and SonarQube. Generate a consolidated security report.” Neo will automatically pull results from these tools using the configured credentials.

Option 3: S3/Cloud Storage Integration

Point Neo to cloud storage where your CI/CD saves scan outputs: In Environment Variables, configure:
  • AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
  • S3_BUCKET_NAME: e.g., my-org-security-scans
  • S3_PATH_PATTERN: e.g., scans/{date}/{tool}-results.json
Example prompt: “Fetch all security scan results from S3 bucket for the past week and generate a report.” Neo will automatically download and parse results from your cloud storage.

Option 4: Webhook Integration

Configure your security tools to send results to Neo via webhook: In your security tools, set the webhook URL to your Neo instance. When scans complete, tools automatically push results to Neo. Supported webhook sources:
  • GitHub Security Alerts
  • Snyk vulnerability notifications
  • SonarQube quality gate events
  • Custom security tool webhooks
Neo processes incoming webhooks and stores results in Files automatically. For best results, combine multiple integration methods:
  1. CI/CD → Files: Primary method for all scan outputs
  2. API Integration: For real-time data from SaaS security tools
  3. Webhooks: For immediate alerts on critical findings
  4. Cloud Storage: For archival and bulk historical analysis
This ensures Neo always has access to the latest security data without manual uploads.

Usage

Consolidate Multiple Security Tool Outputs

Prompt example: “Parse the latest security scan results from Semgrep, Trivy, Nuclei, and SonarQube. Deduplicate findings, prioritize by severity and exploitability, and generate a consolidated security report with remediation guidance.” What Neo does:
  • Reads all tool outputs from Files
  • Parses different formats (JSON, SARIF, XML)
  • Normalizes findings into common data model
  • Deduplicates same vulnerability found by multiple tools
  • Cross-references with CVE databases for context
  • Prioritizes findings by CVSS, EPSS, and business impact
  • Generates unified report with all findings
  • Groups by severity, component, and vulnerability type
  • Provides remediation guidance for each finding

Weekly Security Summary Report

Prompt example: “Generate a weekly security summary from all scans run in the past 7 days. Include SAST results from Semgrep, dependency scans from Snyk, DAST results from Burp, and manual pentest findings. Compare with last week’s metrics and show trends.” What Neo does:
  • Collects all security tool outputs from the past week
  • Parses and normalizes findings from each tool
  • Deduplicates and correlates related issues
  • Compares with previous week’s data
  • Calculates metrics: new findings, fixed issues, total open vulnerabilities
  • Generates trend analysis (improving/degrading security posture)
  • Creates executive summary with key metrics
  • Provides detailed technical findings for security team
  • Highlights critical issues requiring immediate attention

Pre-Release Security Report

Prompt example: “Before releasing v3.2, generate a comprehensive security report. Parse results from CodeQL, npm audit, OWASP ZAP, manual testing, and infrastructure scans. Create a go/no-go recommendation based on findings.” What Neo does:
  • Aggregates all security testing results for the release
  • Identifies blocking issues (critical/high severity)
  • Validates all previous security fixes are still effective
  • Checks for new vulnerabilities introduced in this version
  • Analyzes security regression test results
  • Generates release security scorecard
  • Provides go/no-go recommendation with justification
  • Creates evidence package for compliance/audit
  • Generates remediation plan for any blocking issues

Long-Running Report Tasks

Multi-Repository Security Assessment

Prompt example: “Scan all 75 repositories in our GitHub organization with multiple security tools. Run Semgrep, Trivy, and Gitleaks on each repo. Aggregate findings, identify the most vulnerable repositories, and create a prioritized remediation roadmap.” What Neo does:
  1. Discovery phase:
    • Lists all repositories in the organization
    • Clones or accesses each repository
    • Identifies technology stack per repository
  2. Scanning phase (long-running):
    • Runs Semgrep SAST on all repositories
    • Executes Trivy for dependency vulnerabilities
    • Scans with Gitleaks for exposed secrets
    • Processes repositories in parallel for efficiency
    • Saves intermediate results to Files
  3. Analysis phase:
    • Parses outputs from 225+ individual scans (3 tools × 75 repos)
    • Normalizes findings across different tool formats
    • Deduplicates vulnerabilities found by multiple tools
    • Correlates findings to identify systemic issues
  4. Prioritization phase:
    • Scores repositories by total risk (vulnerability count × severity)
    • Identifies common vulnerability patterns
    • Maps findings to owning teams using CODEOWNERS
    • Calculates remediation effort estimates
  5. Reporting phase:
    • Generates organization-wide security dashboard
    • Creates per-repository security scorecards
    • Produces prioritized remediation roadmap
    • Generates team-specific task lists
    • Provides executive summary with metrics
Example output saved to Files: 
Organization Security Report - 2025-11-03

Repositories Scanned: 75
Total Findings: 1,247
  Critical: 23
  High: 156
  Medium: 487
  Low: 581

Top 5 Most Vulnerable Repositories:
1. backend-api (34 critical/high findings)
2. payment-service (28 critical/high findings)
3. admin-panel (21 critical/high findings)
4. user-service (19 critical/high findings)
5. legacy-monolith (17 critical/high findings)

Common Issues Across Repos:
- SQL Injection: 15 repositories
- Hardcoded Secrets: 23 repositories
- Outdated Dependencies: 67 repositories
- XSS Vulnerabilities: 12 repositories

Remediation Timeline: 6 weeks
Estimated Effort: 320 engineering hours

Continuous Compliance Reporting

Prompt example: “Generate monthly PCI DSS compliance report. Parse results from infrastructure scans, code analysis, penetration tests, and configuration reviews. Track compliance over time and identify gaps.” What Neo does:
  • Collects security evidence from multiple sources
  • Maps findings to PCI DSS requirements (12 requirements, 78 sub-requirements)
  • Identifies compliance gaps and violations
  • Tracks remediation status from previous reports
  • Generates compliance scorecard by requirement
  • Creates audit-ready evidence package
  • Provides remediation guidance for each gap
  • Tracks compliance trends over time

Security Tool Output Formats Supported

Neo can parse and normalize outputs from: SAST Tools:
  • Semgrep (JSON, SARIF)
  • CodeQL (SARIF, CSV)
  • SonarQube (JSON, API)
  • Bandit (JSON, XML)
  • ESLint (JSON, SARIF)
  • Checkmarx (XML, CxSAST)
Dependency Scanners:
  • Snyk (JSON, API)
  • npm audit (JSON)
  • Trivy (JSON, SARIF)
  • OWASP Dependency-Check (XML, JSON)
  • Grype (JSON)
DAST Tools:
  • OWASP ZAP (XML, JSON)
  • Burp Suite (XML)
  • Nuclei (JSON, JSONL)
  • Nikto (XML, JSON)
Secret Scanners:
  • Gitleaks (JSON, SARIF)
  • TruffleHog (JSON)
  • detect-secrets (JSON)
Cloud Security:
  • Prowler (JSON, CSV)
  • ScoutSuite (JSON)
  • CloudSploit (JSON)
Container Security:
  • Trivy (JSON, SARIF)
  • Clair (JSON)
  • Anchore (JSON)
Infrastructure:
  • Nessus (XML, CSV)
  • OpenVAS (XML)
  • Nmap (XML)

Report Generation Examples

Executive Summary Report

Prompt example: “Generate an executive security summary for Q4 2024. Aggregate all security testing, show vulnerability trends, calculate mean time to remediate, and provide ROI metrics for security investments.” What Neo does:
  • Aggregates 3 months of security data
  • Calculates key metrics:
    • Total vulnerabilities discovered and fixed
    • Mean time to detect (MTTD) and remediate (MTTR)
    • Security posture trend (improving/declining)
    • Vulnerability introduction vs remediation rate
  • Generates executive-friendly visualizations
  • Provides business impact analysis
  • Benchmarks against industry standards
  • Creates actionable recommendations
  • Saves summary as PDF and presentation slides

Developer-Focused Report

Prompt example: “Create a developer report for the backend team. Parse all security findings affecting backend services, provide code-level details, link to remediation docs, and create Jira tickets for each issue.” What Neo does:
  • Filters findings relevant to backend services
  • Provides code snippets showing vulnerable code
  • Links to exact file locations and line numbers
  • Includes remediation examples and secure coding patterns
  • Provides OWASP/CWE references for learning
  • Estimates fix complexity and effort
  • Creates Jira tickets with all context
  • Links to internal documentation and standards

Vulnerability Trend Analysis

Prompt example: “Analyze security findings over the past 6 months. Show trends by vulnerability type, severity, and repository. Identify recurring issues and systemic problems.” What Neo does:
  • Loads historical scan data from Files
  • Analyzes trends over time
  • Identifies recurring vulnerability patterns
  • Highlights repositories with persistent issues
  • Detects systemic security problems (e.g., same mistake in multiple repos)
  • Calculates velocity metrics (fix rate, introduction rate)
  • Generates trend visualizations
  • Provides root cause analysis
  • Recommends preventive measures (training, guardrails, tools)

Comparison Report: Before and After Fix

Prompt example: “Compare security scan results before and after the authentication refactor in PR #789. Verify all identified issues are fixed and no new vulnerabilities were introduced.” What Neo does:
  • Runs security scans on both versions (before and after)
  • Parses and normalizes outputs from all tools
  • Identifies fixed vulnerabilities
  • Detects newly introduced issues
  • Validates security regression tests
  • Generates side-by-side comparison
  • Provides net security impact analysis
  • Gives merge recommendation

Deduplication and Correlation

Intelligent Deduplication

Neo identifies duplicate findings across tools: Example: Same SQL injection found by multiple tools:
  • Semgrep: “SQL injection via string concatenation in user_service.py:45”
  • CodeQL: “SQL query built from user input in user_service.py:45”
  • Manual testing: “SQLi in /api/users endpoint”
Neo consolidates into: 
Finding: SQL Injection in User Search
Location: user_service.py, line 45
Endpoint: /api/users
Severity: Critical (CVSS 9.8)
Detected by: Semgrep, CodeQL, Manual Testing
Confidence: High (3 independent confirmations)

Cross-Tool Correlation

Neo links related findings to identify attack chains: Example correlation:
  1. Semgrep finds: “Hardcoded AWS credentials in config.py”
  2. Trivy finds: “Overly permissive IAM role for S3 bucket”
  3. Manual test finds: “Unrestricted S3 bucket listing”
Neo correlates into attack chain: 
Attack Chain: AWS Data Exposure
Severity: Critical
Impact: Complete S3 data breach possible

Chain:
1. Hardcoded AWS credentials (config.py:12)
   → Attacker can authenticate to AWS
2. Overly permissive IAM role
   → Credentials grant s3:* permissions
3. Unrestricted bucket listing
   → Attacker can enumerate and download all data

Combined Risk Score: 10.0
Recommendation: Immediate remediation required

Custom Report Templates

Compliance Report (SOC 2, ISO 27001, PCI DSS)

Prompt example: “Generate SOC 2 security controls evidence report. Map all security findings and testing results to SOC 2 Trust Service Criteria. Identify control gaps and remediation status.” What Neo does:
  • Maps findings to SOC 2 criteria (CC1-CC9)
  • Identifies control effectiveness
  • Tracks remediation evidence
  • Generates audit-ready documentation
  • Provides control gap analysis
  • Creates remediation timeline

Board-Level Security Report

Prompt example: “Create a quarterly board presentation on cybersecurity posture. Include high-level metrics, risk trends, major incidents, remediation progress, and security investments ROI.” What Neo does:
  • Aggregates quarter’s security data
  • Calculates business-relevant metrics
  • Highlights major security events
  • Shows remediation progress
  • Provides industry benchmarking
  • Creates executive presentation slides
  • Uses non-technical language
  • Focuses on business impact and risk

Tips for Effective Security Reporting

Organize Your Tool Outputs

Store all security tool outputs in Files with consistent naming: 
security-scans/
  2024-11-03/
    semgrep-backend.json
    trivy-dependencies.json
    nuclei-web.json
    manual-pentest.md

Tag Findings for Better Tracking

Use consistent tagging:
  • By component: backend, frontend, infrastructure
  • By team: platform-team, security-team
  • By priority: p0, p1, p2
  • By release: v3.2, v3.3

Automate Regular Reporting

Set up scheduled reports:
  • Daily: Critical finding alerts
  • Weekly: Team-specific vulnerability reports
  • Monthly: Executive metrics and trends
  • Quarterly: Compliance and audit reports

Customize Reports for Audience

Different stakeholders need different information:
  • Developers: Code-level details, remediation examples
  • Security team: Technical depth, attack vectors, exploitability
  • Management: Metrics, trends, business impact
  • Executives: Risk posture, compliance, ROI
  • Auditors: Evidence, controls, compliance mapping