i think maybe you can find a good information in google about it and can find good samples
take a look at this one and you can find many others:
I've found it useful to have a go with one of the scanners as this will give you an actual live report. Openvas is a free one that you can download and will just require a virtual machine to get started. GFI Languard and Nessus offer 30 day + evaluations to have a go with a paid product. The report results differ with the type of device and scan you perform. What are you wanting to do a report on?
Appendix K of the NIST Guide for Conducting Risk Assessments provides with a list of potentially all the information that your report should include. The length of the report is dependent on your writing style but should be long enough to cover the requirements that you are seeking to fulfill and with enough detail to show that you know what you are talking about.
If you are looking for a scan report then these are some the items the report should have.
I am assuming its a VA/PT report , not VA alone . I suggest to refer to some sample reports from EC-Council , OWASP & SANS.org .
Please refer to link below .
With Regards ,
PT is a next or further step to VA , other way to explain is , VA is the first step to PT .
Thank you for your help!