WarDek is a complete compliance suite that combines an OWASP vulnerability scanner with NIS2, AI Act and GDPR compliance modules, specially designed for European SMEs.

Is my company subject to NIS2?

The NIS2 directive applies to essential and important entities in sectors such as energy, healthcare, transport, digital, etc. Use our free simulator to check.

How should I use WarDek reports in an audit?

WarDek reports provide a practical working base for your team, auditor, or compliance preparation. They are not an official certification or legal opinion.

How long does a scan take?

A complete OWASP scan typically takes between 2 and 5 minutes depending on the complexity of your website.

Absolutely. We never store your credentials. Reports are encrypted and you can delete them at any time. We are hosted in France.

Can I try before I buy?

Yes! The Free plan lets you test WarDek with 3 scans per month, no credit card required.

EXPORT FORMATS

Download and integrate scan results into your security tools and compliance workflows.

AVAILABLE FORMATS

Format	Extension	Content-Type	Plan
JSON	`.json`	`application/json`	ALL PLANS
YAML	`.yaml`	`application/x-yaml`	ALL PLANS
CSV	`.csv`	`text/csv`	ALL PLANS
PDF	`.pdf`	`application/pdf`	ALL PLANS
SARIF	`.sarif`	`application/sarif+json`	ENTERPRISE

API ENDPOINT

GET/api/scans/:id/export?format=json|yaml

curl https://wardek.io/api/scans/scan_abc123/export?format=json \
  -H "Authorization: Bearer ssk_live_..." \
  -o report.json

JSON EXPORT

Full scan data as structured JSON. Ideal for programmatic processing, dashboards, and integration with security information and event management (SIEM) tools.

scan-report.json

{
  "id": "scan_abc123def456",
  "url": "https://example.com",
  "score": 87,
  "grade": "B+",
  "createdAt": "2026-03-14T10:30:00Z",
  "duration": 12340,
  "results": [
    {
      "name": "headers",
      "score": 82,
      "weight": 12,
      "findings": [
        {
          "severity": "medium",
          "title": "Missing Content-Security-Policy",
          "description": "No CSP header detected.",
          "recommendation": "Add a strict CSP header."
        }
      ]
    },
    {
      "name": "ssl",
      "score": 100,
      "weight": 11,
      "findings": []
    }
  ]
}

YAML EXPORT

Same data structure as JSON, serialized as YAML for human readability. Useful for configuration-as-code workflows and documentation.

scan-report.yaml

id: scan_abc123def456
url: https://example.com
score: 87
grade: "B+"
createdAt: "2026-03-14T10:30:00Z"
duration: 12340
results:
  - name: headers
    score: 82
    weight: 12
    findings:
      - severity: medium
        title: Missing Content-Security-Policy
        description: No CSP header detected.
        recommendation: Add a strict CSP header.
  - name: ssl
    score: 100
    weight: 11
    findings: []

PDF EXPORT

API Endpoint Coming Soon — Available in Dashboard

Professional PDF report with branded layout, executive summary, detailed findings, and remediation recommendations. Currently available via the dashboard download button.

PDF reports include the WarDek branding, scan timestamp, per-module breakdown, and a prioritized list of remediation actions.

SARIF EXPORT

ENTERPRISE

Static Analysis Results Interchange Format (SARIF v2.1.0). Industry standard for security analysis results. Integrates directly with GitHub Code Scanning, Azure DevOps, and other security platforms.

wardek-results.sarif

{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "WarDek",
          "version": "1.0.0",
          "informationUri": "https://wardek.io"
        }
      },
      "results": [
        {
          "ruleId": "headers/missing-csp",
          "level": "warning",
          "message": {
            "text": "Missing Content-Security-Policy header"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "https://example.com"
                }
              }
            }
          ]
        }
      ]
    }
  ]
}

Upload SARIF results to GitHub Code Scanning with the github/codeql-action/upload-sarif action. Findings will appear as security alerts on your repository.

SCAN RESULT SCHEMA

All export formats follow the same data model. Here are the key TypeScript interfaces:

interface ScanResult {
  id: string;              // Unique scan identifier
  url: string;             // Scanned URL
  score: number;           // 0-100 weighted security score
  grade: string;           // A, B+, B, C, D, F
  createdAt: string;       // ISO 8601 timestamp
  duration: number;        // Scan duration in ms
  results: ScanModule[];   // Per-module breakdown
}

interface ScanModule {
  name: string;            // Module identifier (headers, ssl, cors...)
  score: number;           // 0-100 module score
  weight: number;          // Weight in final score calculation
  findings: Finding[];     // Detected issues
}

interface Finding {
  severity: "critical" | "high" | "medium" | "low" | "info";
  title: string;           // Short description
  description: string;     // Detailed explanation
  recommendation: string;  // How to fix
}