Resources
Learn to read what Violet finds. Then ship the fix.
Documentation, guides, and honest explanations of what a pentest report actually means — written by people who've handed them off to busy engineers.
Reading reports· 15 min
How to read a pentest report without panicking
Severity vs urgency, CVSS demystified, triage on Monday morning, and closing findings honestly. The featured overview.
Updated · May 9, 2026Read →
Getting started· 4 min
Your first pentest in five minutes
Sign up, paste your target URL, configure auth if needed, and watch the pipeline run.
Updated · May 9, 2026Read →
Methodology· 8 min
Inside the exploitation phase
How Violet turns hypothesized attack paths into reproducible proof using the browser and CLI.
Updated · May 9, 2026Read →
Methodology· 8 min
Source code on or off? When to connect your repo
How source access guides attacks and reduces false positives — and when a black-box scan is the right call.
Updated · May 9, 2026Read →
Reading reports· 4 min
Severity is not urgency
A critical-severity bug behind an IP allowlist can wait. A medium on your unauthenticated signup form cannot.
Updated · May 9, 2026Read →
Reading reports· 6 min
Anatomy of a finding
Description, proof of concept, evidence, impact, likelihood, recommendation, verification — what each part is telling you.
Updated · May 9, 2026Read →
Reading reports· 5 min
CVSS, demystified
How to read a CVSS v3.1 vector string in plain English. Each metric explained. Why the string is more useful than the number.
Updated · May 9, 2026Read →
Reading reports· 4 min
Triage on Monday morning
Twelve new findings, 45 minutes before standup. The decision tree for sorting them — and the printable cheatsheet.
Updated · May 9, 2026Read →
Remediation· 5 min
Remediation SLAs
24h / 7d / 30d / 90d as a decision framework, not a deadline gun. How to drive a re-test that actually proves the fix.
Updated · May 9, 2026Read →
Security· 10 min
Scanning production safely: rate limiting & scope rules
How to run Violet against a live production target without melting it. Rate limits, focus/avoid rules, and the out-of-scope paths you always want to set.
Updated · May 9, 2026Read →
Security· 5 min
How Auto-rate works
How Violet probes your target before recon, picks a per-target crawler rate from four tiers, the WAF allow-list header you can use, and how to override.
Updated · May 12, 2026Read →
Documentation
Sign up, run your first pentest, read your report.
Open docs →
Changelog
What shipped this month — new agent capabilities, coverage expansions, bug fixes.
Read the changelog →
Methodology
Exactly what Violet does in each of the five phases — and what it refuses to do.
Read the book →
About the author
Jake writes the Violet resources hub. Founder of Violet, hands-on with the agent every day. All guides reflect what Violet actually does today, not what it might do later.
Spot something out of date? Email the team.