Frequently Asked Questions

Penarc is an all-in-one pentest management platform designed by pentesters, for pentesters. It centralizes the entire vulnerability lifecycle allowing security teams to log findings, generate AI-powered reports, sync directly with Jira, and provide clients with a real-time portal to track remediation.

Penarc is built for penetration testers, security consulting firms, and internal security teams who want to eliminate the manual overhead of writing reports in Word and focus more time on actual testing.

On average, pentesters spend 40–60% of an engagement just writing and formatting reports. Penarc cuts reporting time by up to 75%, saving an average of 12 hours per pentester, per report, by automating finding generation, formatting, and QA cycles.

With a single click, Penarc’s AI auto-generates the hard parts of your report. It writes complete finding descriptions, business impacts in plain English, step-by-step remediation guidance, and automatically maps the correct CWE IDs and CVE references. All AI-generated content is fully editable before publishing.

No. Penarc features a centralized Content Library with hundreds of community-reviewed and approved vulnerability writeups. You can instantly pull these pre-formatted findings into your report, or build and store your own custom narrative blocks, OWASP/NIST test cases, and runbooks to ensure team-wide consistency.

Yes. You can bypass manual logging entirely by directly importing your data into Penarc. In addition to supporting standard scanner imports (like Nessus, Burp Suite, and Qualys), Penarc features an intelligent Folder Import workflow. Simply upload a local folder containing your finding notes and PoC screenshots. By naming the folder after the actual vulnerability (e.g., 'Stored XSS'), our AI will automatically read the folder name, parse the contents, and auto-fill your findings table. Any PoC images inside the folder are automatically extracted and numbered sequentially (e.g., 1, 2) within the report body. The AI will generate all the necessary vulnerability data including description, impact, and remediation which you can then review, edit, and approve before finalizing the report.

While Penarc offers a live digital experience, you can instantly download a polished, client-ready PDF report. You can use our built-in branded templates or bring your own DOCX templates. The export includes an executive summary, severity charts, full findings, and remediation guidance.

Instead of sending a static PDF via email that is immediately out of date, you can invite clients to a white-labeled Client Portal. Clients can log in to view their findings live, track remediation progress, submit evidence of fixes, and verify closures in real time.

Yes. Penarc features smart, bi-directional Jira synchronization. Every field from title to CVSS-based severity is intelligently mapped to Jira workflow states and priority levels. Updates made in Jira or Penarc reflect instantly on both sides, ensuring zero manual ticket duplication.

Yes, we offer a 14-day free demo upon request. This trial grants your team full access to evaluate Penarc’s AI generation, reporting workflows, and integrations completely risk-free. You can request a demo at https://penarc.ai/request-demo.

Because we provide a comprehensive 14-day free demo to evaluate the platform before purchase, Penarc generally does not offer refunds for active monthly or annual subscriptions. You can cancel your subscription at any time, and you will retain access to the platform until the end of your current billing cycle.

Security is our foundation. Your vulnerability data and client information remain entirely yours. Furthermore, we actively support the independent security research community. We maintain a Vulnerability Disclosure Policy (VDP) with Safe Harbor protections. Researchers who find valid, high-severity vulnerabilities can report them to info@penarc.ai.