Outputs

This project generates static, shareable artifacts under the configured output directory (default: output/).

Output layout

By default, the pipeline creates one subfolder per input CSV:

output/
  run_summary.json                # written by the CLI (summary across all processed files)
  <csv_name>/                     # e.g. my_scan.csv -> output/my_scan/
    index.html                    # main report (technical + descriptive)
    run.json                      # optional (run metadata used to rebuild index.html)
    candidates.json               # optional (written on dry-run / ingestion-only path)
    assets/
      style.css                   # report styling
      logo.jpg                    # optional branding (when enabled and available)
      ...                         # other static assets copied from the assets source dir

<csv_name> is the input file stem (for example, my_scan.csv becomes output/my_scan/).


Per-report folder (output/<csv_name>/)

index.html (the deliverable)

This is the main artifact to share with stakeholders.

It includes:

  • Header metadata: report title, source CSV path, generation timestamp

  • Prioritization table: Top X items with severity, QID, title, and justification

  • Summary / table of contents: quick navigation links to each selected item

  • Technical report section (per selected item):

    • Evidence summary (counts, ports/protocols, sample hosts/IPs)

    • Technical impact (when available)

    • Scan results snippet (sample/original, when available)

    • Remediation plan

    • Post-fix validation steps

  • Descriptive report section (per selected item):

    • Description, exploitation, impacts, best practices, references (when available)

How to open it:

  • Open index.html in a browser.

  • Keep the assets/ folder next to it (relative link: assets/style.css).

assets/ (static resources)

This folder is copied into each report directory so the report is self-contained.

Typical contents:

  • style.css: the report stylesheet

  • Branding/logo files (when enabled in configuration and present in the assets source)

run.json (optional run metadata)

When enabled, this file stores the render model used to build the report (safe for re-rendering and audits).

Primary uses:

  • Rebuild index.html later using the current template/escaping rules.

  • Troubleshoot/report diffing by comparing models across runs.

Note: the CLI includes a normalize-assets command that can optionally rewrite index.html from run.json as a best-effort “sanitization”/standardization step.
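One way to do the "report diffing" use mentioned above is to compare the render models of two runs. The following is an added example, not the project's own code: the two models are constructed inline, and the field names (items, qid, severity, title, hosts, report_title) are assumptions about what run.json might contain, since the real schema is not shown here. Items are re-keyed by QID before comparison so that a shifted list position is not reported as a change.

```python
import json
from pathlib import Path
from typing import Any, Dict, List, Tuple

# Constructed stand-ins for two run.json files. The field names below are
# assumed for this example; the project's actual schema may differ.
RUN_A = {
    "report_title": "Example scan",
    "items": [
        {"qid": 1001, "severity": 5, "title": "Outdated TLS", "hosts": 12},
        {"qid": 1002, "severity": 4, "title": "Weak cipher", "hosts": 3},
    ],
}
RUN_B = {
    "report_title": "Example scan",
    "items": [
        {"qid": 1001, "severity": 5, "title": "Outdated TLS", "hosts": 7},
        {"qid": 1003, "severity": 3, "title": "Banner disclosure", "hosts": 1},
    ],
}

Change = Tuple[str, Any, Any]  # (json path, old value, new value)


def load_model(path: str) -> Dict[str, Any]:
    """Read a run.json file from disk (assumed to be a plain JSON object)."""
    return json.loads(Path(path).read_text(encoding="utf-8"))


def by_qid(model: Dict[str, Any]) -> Dict[str, Any]:
    """Re-key the item list by QID so items are matched by identity, not position."""
    out = dict(model)
    out["items"] = {str(item["qid"]): item for item in model.get("items", [])}
    return out


def diff_models(old: Any, new: Any, path: str = "$") -> List[Change]:
    """Recursively compare two JSON-like values and return (path, old, new) triples.

    A missing key or index is reported with None on the absent side."""
    changes: List[Change] = []
    if isinstance(old, dict) and isinstance(new, dict):
        for key in sorted(set(old) | set(new)):
            sub = f"{path}.{key}"
            if key not in old:
                changes.append((sub, None, new[key]))
            elif key not in new:
                changes.append((sub, old[key], None))
            else:
                changes.extend(diff_models(old[key], new[key], sub))
    elif isinstance(old, list) and isinstance(new, list):
        for i in range(max(len(old), len(new))):
            sub = f"{path}[{i}]"
            if i >= len(old):
                changes.append((sub, None, new[i]))
            elif i >= len(new):
                changes.append((sub, old[i], None))
            else:
                changes.extend(diff_models(old[i], new[i], sub))
    elif old != new:
        changes.append((path, old, new))
    return changes


def diff_runs(old: Dict[str, Any], new: Dict[str, Any]) -> List[Change]:
    """Diff two render models with items matched by QID."""
    return diff_models(by_qid(old), by_qid(new))


if __name__ == "__main__":
    for json_path, before, after in diff_runs(RUN_A, RUN_B):
        print(f"{json_path}: {before!r} -> {after!r}")
```

Run against real files with `diff_runs(load_model("output/a/run.json"), load_model("output/b/run.json"))`. Because the output is a list of paths with before/after values, it is easy to filter (for example, only `$.items.*.severity` changes) when reviewing why an item moved into or out of the Top X between two runs.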

candidates.json (optional shortlist candidates)

This file is written on the dry-run / ingestion-only path and contains the candidate vulnerability aggregates considered for selection/LLM.

Primary uses:

  • Quickly validate that ingestion/aggregation is correct before running LLM enrichment.

  • Inspect what would have been considered for prioritization.


Output root summary (output/run_summary.json)

When you run the pipeline via the CLI command that processes multiple files, it writes a run_summary.json under the output root.

It is intended to be a safe, high-level summary (no secrets) and typically includes:

  • Count of successful vs failed files

  • Whether the run was dry_run

  • A per-file list with status and output directory path


Notes on portability

  • Reports are static (no server required).

  • If you move a report folder, move index.html together with assets/.

  • If you plan to host the report, any static hosting that serves HTML/CSS is sufficient.
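A quick consistency check for an output root covers both the run_summary.json section and the portability notes above: every per-file entry that succeeded should have a report directory containing index.html and assets/style.css, the success/failure counts should match the per-file list, and no unlisted report directories should be lying around. This is an added example, not part of the project; the run_summary.json field names it reads (files, status, output_dir, succeeded, failed, dry_run) are assumptions, and the sample tree it builds in a temporary directory is constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path
from typing import Dict, List

# Files every shareable report folder must contain (index.html links assets/style.css).
REQUIRED_FILES = ["index.html", "assets/style.css"]


def check_output_root(root: Path) -> Dict[str, List[str]]:
    """Cross-check run_summary.json against what is actually on disk.

    Returns {problem_kind: [details]}; an empty dict means the tree is consistent."""
    problems: Dict[str, List[str]] = {
        "missing_summary": [], "count_mismatch": [], "missing_file": [], "unlisted_dir": [],
    }
    summary_path = root / "run_summary.json"
    if not summary_path.is_file():
        problems["missing_summary"].append(str(summary_path))
        return {k: v for k, v in problems.items() if v}

    summary = json.loads(summary_path.read_text(encoding="utf-8"))
    files = summary.get("files", [])          # assumed field: per-file list
    ok = [f for f in files if f.get("status") == "ok"]
    if summary.get("succeeded") != len(ok) or summary.get("failed") != len(files) - len(ok):
        problems["count_mismatch"].append(
            f"succeeded={summary.get('succeeded')} failed={summary.get('failed')} "
            f"but per-file list has {len(ok)} ok / {len(files) - len(ok)} failed"
        )

    listed = set()
    for entry in files:
        out_dir = root / entry["output_dir"]   # assumed field: report directory path
        listed.add(out_dir.name)
        if entry.get("status") != "ok":
            continue                           # failed files are not expected to have a report
        for rel in REQUIRED_FILES:
            if not (out_dir / rel).is_file():
                problems["missing_file"].append(str(out_dir / rel))

    # Report directories that the summary does not know about (stale or stray output).
    for child in root.iterdir():
        if child.is_dir() and child.name not in listed:
            problems["unlisted_dir"].append(child.name)
    return {k: v for k, v in problems.items() if v}


def build_sample_output_root() -> Path:
    """Construct a small output tree in a temp dir: one good report, one missing its
    stylesheet, one failed input, and one orphan directory not listed in the summary."""
    root = Path(tempfile.mkdtemp(prefix="report-check-"))
    for name, with_css in (("my_scan", True), ("other_scan", False)):
        (root / name / "assets").mkdir(parents=True)
        (root / name / "index.html").write_text("<html></html>", encoding="utf-8")
        if with_css:
            (root / name / "assets" / "style.css").write_text("body{}", encoding="utf-8")
    (root / "orphan").mkdir()
    summary = {                                # constructed; field names are assumed
        "dry_run": False,
        "succeeded": 2,
        "failed": 1,
        "files": [
            {"input": "my_scan.csv", "status": "ok", "output_dir": "my_scan"},
            {"input": "other_scan.csv", "status": "ok", "output_dir": "other_scan"},
            {"input": "broken.csv", "status": "failed", "output_dir": "broken"},
        ],
    }
    (root / "run_summary.json").write_text(json.dumps(summary, indent=2), encoding="utf-8")
    return root


if __name__ == "__main__":
    sample = build_sample_output_root()
    for kind, details in check_output_root(sample).items():
        print(kind, details)
```

Point `check_output_root` at a real output root (for example `check_output_root(Path("output"))`) before zipping or hosting reports; a non-empty `missing_file` list means someone would receive an index.html whose stylesheet link is broken, and `unlisted_dir` entries are candidates for cleanup so that stale reports are not shipped alongside current ones.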