So you've signed up for ScanAlert and have your weekly report. If you have notices, here are what the different types of notices and their levels mean.
PCI / SAS FBI report is a survey. Fill this out on the scan alert site to explain to Visa and Mastercard the security precautions that your business is taking on the site to protect users credit card numbers etc. This has nothing to do with a vulnerability on the site.
Level 1 issues are notices about things that ScanAlert finds, such as a welcome banner on port 80 or that you're using a shared IP number etc. These are not items to be concerned about.
Level 2 has notices also about firewalls, mailing programs etc - things that are needed by the control panel to operate. The items can usually be set to resolved as these upgrades are taken care of on the server level. Level 1 and 2 notices are not items that affect the display of the certificate or the security of the server.
Level 3 are notices about vulnerabilities - these must be resolved by us in order to keep the status OK.
Level 4 and 5 are critical issues that involve the server.