Application Review Reports
The One Code can generate branded, AI-written Application Review reports — comprehensive quarterly business review documents that summarize a client's software health, backup coverage, security posture, technical debt, and compliance status. These are designed to be shared directly with clients as evidence of the MSP's value.
What Is an Application Review Report?
An Application Review report is a formal document suitable for presenting to a client's IT leadership or executive team. It's structured like a QBR presentation — executive summary, current state, risks, and forward-looking recommendations.
Reports are generated in minutes by aggregating data already collected in The One Code and using AI to write the narrative sections.
Report Sections
You can include or exclude any combination of seven sections:
| Section | What It Contains |
|---|---|
| Executive Summary | AI-written paragraph summarizing the state of the client's application portfolio, key risks, and top recommendations |
| Portfolio Overview | App count, health distribution (healthy/warning/critical), tech stack breakdown, app type distribution, average health score |
| Backup Status | How many repos are backed up, last backup date, backup failures, next scheduled backup |
| Security Posture | Active secrets detected, total vulnerabilities, critical vulnerabilities, access compliance percentage |
| Technical Debt | Average debt score, worst-performing repos, trending direction (improving/stable/worsening), total estimated remediation hours |
| Compliance | SOC 2 and ISO 27001 compliance percentages, evidence gaps |
| Recommendations | AI-prioritized list of actions with effort estimates and category tags |
The report also includes:
- Next Period Goals — AI-generated goals for the next reporting period based on current findings
- Branding — Your MSP logo, primary color, and company name stamped on the report
Generating a Report
- Navigate to Reports from the left sidebar
- Click Generate Report
- Configure the report:
- Title — e.g., "Q1 2026 Application Review — Acme Corp"
- Period — Start and end dates for the review period
- Client — Optionally filter to a specific client (or leave blank for all)
- Sections — Select which sections to include
- Branding — Logo URL, primary color, company name
- Click Generate
The report is assembled from existing data (no additional GitHub API calls required). The AI-written sections (executive summary and recommendations) call Claude Sonnet via the AI Gateway. Generation typically completes in 30–90 seconds.
Viewing and Downloading Reports
Once generated, reports appear in the Reports list. Click on a report to view it. Reports are stored as JSON and rendered in the UI.
Download: Click Download to get the report as a JSON file. This can be imported into reporting tools or formatted with your own templates.
Scheduling Recurring Reports
Rather than remembering to generate reports each quarter, schedule automatic generation:
- Navigate to Reports → Schedules
- Click New Schedule
- Configure:
- Frequency — Monthly or quarterly
- Day of month — Which day to generate the report (1–28; avoiding 29–31 prevents month-end issues)
- Sections — Which sections to include in scheduled reports
- Client — Optional client filter
- Click Save
Scheduled reports run automatically on the configured day each month or quarter. They appear in the Reports list like manually generated reports. You'll see the next_scheduled_at date on the schedule record.
To pause a scheduled report, go to the schedule and toggle Enabled off.
Trend Data
The trend data endpoint aggregates historical analysis results for a repository over time. Navigate to Reports → Trends → [Repository] to see:
- Health score over the last 12 months
- Technical debt score trend
- Vulnerability count trend
- Backup reliability over time
Use trend charts to demonstrate continuous improvement (or to identify repos that are getting worse). Including a trend chart in a QBR presentation is a powerful way to show that your managed service is working.
Report Branding
Reports support MSP branding:
- Logo URL — A publicly accessible URL to your MSP logo (PNG or SVG, recommended 400×100px)
- Primary color — A hex color code that matches your brand (used for headers and accents)
- Company name — Your MSP's name, which appears in the report header and footer
Branding is set per-report. For consistency, configure your branding defaults in your MSP's One Code settings so every generated report uses the same branding.
Sharing Reports with Clients
Reports can be shared as a download or viewed via a secure link. The download URL generated for each report is time-limited (a few hours) — for long-term sharing, keep the report in The One Code and share new download URLs as needed.
For presenting at a QBR:
- Generate the report a day before the meeting
- Download the JSON
- Present the key metrics from the executive summary and recommendations sections
- Share the download URL with the client contact for their records
Report Data Sources
Each section of the report pulls from specific data already collected:
| Section | Source Data |
|---|---|
| Portfolio Overview | application_profile records |
| Backup Status | repo_backup records |
| Security Posture | secret_scan results, access_audit results |
| Technical Debt | tech_debt_report records |
| Compliance | compliance_report records |
| Recommendations | AI analysis of all of the above |
If any data source is missing (e.g., no tech debt analysis has been run), that section's metrics will show as unavailable. The AI executive summary and recommendations will note which data was unavailable.