what about a custom theme? - I've seen some pretty nasty themes around the place... in any case, the hard part will be educating your client on the validity of this sort of report and it's unlikely they will be satisfied by pointing them at the discussion forum here.
If you are continuing to have issues communicating this with your client you could contract one of the larger Moodle Partners to provide you with support to help meet your clients requirements around security. If they require a security audit there are a few companies around that can provide a much higher quality report than what is available from an automated tool - but these will all come at an added cost.
If you are continuing to have issues communicating this with your client you could contract one of the larger Moodle Partners to provide you with support to help meet your clients requirements around security. If they require a security audit there are a few companies around that can provide a much higher quality report than what is available from an automated tool - but these will all come at an added cost.