Skip to content

feat: add --report flag to generate HTML vulnerability dashboard#220

Merged
sonukapoor merged 22 commits intomainfrom
feature/issue-219-html-report
Apr 24, 2026
Merged

feat: add --report flag to generate HTML vulnerability dashboard#220
sonukapoor merged 22 commits intomainfrom
feature/issue-219-html-report

Conversation

@sonukapoor
Copy link
Copy Markdown
Collaborator

@sonukapoor sonukapoor commented Apr 24, 2026
edited
Loading

Changes

  • Adds --report [dir] flag that generates a self-contained index.html vulnerability dashboard and report.json in the specified directory (default: ./cve-report)
  • Adds --no-open flag to suppress auto-opening the report in the browser
  • Report is fully self-contained — no CDN, no server required; opens directly as a file:// URL
  • CVE Lite logo embedded as base64 so the report works for npm-installed users who have no assets/ folder

Report features:

  • Dark-theme dashboard with severity summary cards (critical / high / medium / low / total)
  • Suggested fix plan with copy-to-clipboard commands and collapsible "why skipped" breakdown
  • Findings table with filter buttons (all / critical / high / medium / direct), sortable columns, and inline row expand/collapse showing description, dependency path, and recommended action
  • CVE IDs linked to osv.dev; GHSA IDs linked to github.com/advisories
  • Official OWASP logo (with permission) + link to project page; GitHub link updated to OWASP org
image

Closes #219

sonukapoor added 19 commits April 24, 2026 09:09
@sonukapoor
chore: add .superpowers/ to .gitignore
edf4427
@sonukapoor
docs: add HTML report dashboard design spec
68116c3 
Captures the approved design for the --report flag feature: folder
output with index.html + report.json, fix plan section, sortable
filterable findings table with inline row expansion, and auto-open.
@sonukapoor
docs: add HTML report dashboard implementation plan
6e1bfed
@sonukapoor
feat: add --report and --no-open to ParsedOptions and arg parser
c170117
@sonukapoor
feat: add logo base64 constant for HTML report
a1e9b9c
@sonukapoor
feat: add ReportData type and buildReportData()
48d83fd
@sonukapoor
feat: implement renderHtmlReport() with full HTML template
b2bac69
@sonukapoor
fix: escape JSON in script tag, fix copy button injection, add none s…
0dc2e70 
…everity, sort findings
@sonukapoor
feat: implement writeHtmlReport() with file output and browser open
3600931
@sonukapoor
fix: clear timeout handle in openInBrowser to prevent resource leak
0a0afa9
@sonukapoor
feat: wire --report flag into scan pipeline
65c1f8b
@sonukapoor
test: assert outputDir in --report writeHtmlReport call
a757cc1
@sonukapoor
docs: add --report and --no-open to CLI help text
8bd0cf6
@sonukapoor
fix: remove re-sort in renderHtmlReport to keep row indices in sync w…
e598c8c 
…ith embedded JSON
@sonukapoor
feat: update links to OWASP URLs and add OWASP badge to report header
25e4cfb
@sonukapoor
fix: restore expand/collapse after filter by using CSS class instead …
92ddd98 
…of inline style
@sonukapoor
fix: replace invented OWASP SVG with text-only attribution per OWASP …
d23424a 
…mark guidelines
@sonukapoor
feat: add collapsible skipped-fixes section to fix plan in HTML report
88a9f94
@sonukapoor
feat: replace text attribution with official OWASP logo SVG in report…
2361d59 
… header
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 24, 2026
View reviewed changes
Comment thread src/output/html-reporter.ts Fixed
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 24, 2026
View reviewed changes
Comment thread src/output/html-reporter.ts Dismissed
@sonukapoor sonukapoor merged commit e694fcc into main Apr 24, 2026
4 checks passed
@sonukapoor sonukapoor deleted the feature/issue-219-html-report branch April 24, 2026 21:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: add --report flag to generate HTML vulnerability report

2 participants

@sonukapoor @github-advanced-security