What's the best method to creating a report that shows vulnerabilities for which there is "No Patch – Vulnerabilities for which there isn’t a fix from the vendor" ?
I would recommend creating a dynamic search called "No vendor patches" for example and have the option "No Patch Solution"
Then create a new scan report template that uses this search list.
Then running that report will show you any vulnerabilities discovered on your assets, as defined in "Findings" that have no patches.
I would the search list suggested above, and perhaps go a bit deeper. I like to cast a bit of wider net, by also creating search lists for:
Retrieving data ...