Configuration Analysis Triage Report

{% if folder_path %} Folder: {{ folder_path }}{% if is_single_project and single_project_name %} / Project: {{ single_project_name }}{% endif %} — Config, Secrets & Crypto Triage {% elif is_single_project and single_project_name %} Project: {{ single_project_name }} — Config, Secrets & Crypto Triage {% else %} Config, Secrets & Crypto Triage {% endif %}

Report: {{ recipe_name }} | Generated: {{ generated_at }} | {% if metadata and metadata.start_date and metadata.end_date %} Period: {{ metadata.start_date }} to {{ metadata.end_date }} | {% endif %} Records: {{ metadata.transformed_count if metadata and metadata.transformed_count else 'N/A' }}

{% if portfolio_summary %}

CRITICAL

HIGH

MEDIUM

LOW

INFO

TOTAL

{% endif %}

Priority Band Distribution

Distribution of findings across risk priority bands.

Gate Classification Funnel

How findings flow through Gate 1 (Private Keys), Gate 2 (Credentials), Gate 3 (Config Issues), and additive scoring.

Category Breakdown

Finding counts by category: cryptographic material, credentials, and configuration issues.

{% if project_summary_df is defined and project_summary_df|length > 1 %}

Project Risk Summary

Per-project breakdown showing band counts. Projects sorted by CRITICAL count descending.

{% endif %}

Scoring Methodology

This report uses a tiered-gates scoring model that prioritizes configuration, credential, and cryptographic material findings based on their risk characteristics.

{% if scoring_config and scoring_config.gates %} {% for gate in scoring_config.gates %}

{{ gate.name | replace('_', ' ') | title }} — {{ gate.band }} (score={{ gate.score }})

CRYPTO_MATERIAL findings with private_key=True
CREDENTIALS with severity CRITICAL or HIGH
CONFIG_ISSUES with severity CRITICAL or HIGH
{{ gate.description | default(gate.name) }}

{% endfor %} {% endif %} {% if scoring_config and scoring_config.weights %}

Additive Scoring (Remaining Findings)

Severity: critical={{ scoring_config.weights.severity_critical|default(0) }}, high={{ scoring_config.weights.severity_high|default(0) }}, medium={{ scoring_config.weights.severity_medium|default(0) }}, low={{ scoring_config.weights.severity_low|default(0) }}
Risk: 0–{{ scoring_config.weights.risk_max|default(0) }} points (scaled from API risk score)
VEX resolved: {{ scoring_config.weights.vex_resolved|default(0) }} points

Bands: HIGH ≥ {{ scoring_config.weights.band_high_threshold|default(0) }}, MEDIUM ≥ {{ scoring_config.weights.band_medium_threshold|default(0) }}, LOW ≥ {{ scoring_config.weights.band_low_threshold|default(0) }}, INFO < {{ scoring_config.weights.band_low_threshold|default(0) }}

{% endif %}

{% if project_summary_df is defined and project_summary_df|length > 0 and not is_single_project %}

Project Risk Summary

{% for row in project_summary_df %} {% endfor %} {% if project_summary_df|length > 10 %} {% endif %}

Project	CRITICAL	HIGH	MEDIUM	LOW	INFO	Total
{% if domain and row.project_id is defined and row.project_id %} {{ row.project_name }} {% else %} {{ row.project_name }} {% endif %}	{% if row.CRITICAL\|default(0) > 0 %}{{ row.CRITICAL }}{% else %}0{% endif %}	{% if row.HIGH\|default(0) > 0 %}{{ row.HIGH }}{% else %}0{% endif %}	{% if row.MEDIUM\|default(0) > 0 %}{{ row.MEDIUM }}{% else %}0{% endif %}	{{ row.LOW\|default(0) }}	{{ row.INFO\|default(0) }}	{{ row.total\|default(0) }}

{% endif %} {% if findings_df is defined and findings_df|length > 0 %}

Findings Detail (Top 100 by Priority)

{% for row in findings_df[:100] %} {% endfor %} {% if findings_df[:100]|length > 10 %} {% endif %}

Title	Category	Severity	Band	Score	Gate	Material Type	Private Key	File Path	Component	Project	VEX Status
{% if domain and row.project_id and row.version_id and row.id %} {{ row.title\|default('—') }} {% else %} {{ row.title\|default('—') }} {% endif %}	{% set cat = row.category\|default('') %} {% if cat %} {{ cat }} {% else %}—{% endif %}	{{ row.severity\|default('—') }}	{{ row.priority_band\|default('INFO') }}	{{ row.triage_score\|default(0) }}	{{ row.gate_assignment if row.gate_assignment and row.gate_assignment != 'NONE' else '—' }}	{{ row.detail_material_type\|default('—') }}	{% if row.detail_private_key is defined and row.detail_private_key is not none and row.detail_private_key\|string not in ('', 'None', 'nan') %} {% if row.detail_private_key == true or row.detail_private_key\|string\|lower == 'true' %} 🔑 Yes {% else %} No {% endif %} {% else %}—{% endif %}	{% if row.detail_file_path\|default('') %} `{{ row.detail_file_path }}` {% else %}—{% endif %}	{% if domain and row.project_id and row.version_id and row.component_id %} {{ row.component_name\|default('—') }}{% if row.component_version\|default('') %} {{ row.component_version }}{% endif %} {% else %} {{ row.component_name\|default('—') }}{% if row.component_version\|default('') %} {{ row.component_version }}{% endif %} {% endif %}	{% if domain and row.project_id %} {{ row.project_name\|default('—') }} {% else %} {{ row.project_name\|default('—') }} {% endif %}	{% if row.status is defined and row.status and row.status\|string not in ('', 'nan', 'None') %} {{ row.status }} {% else %} — {% endif %}

{% endif %} {% if vex_recommendations is defined and vex_recommendations|length > 0 %}

VEX Recommendations

Recommended VEX triage actions for un-triaged findings. Apply with fs-report apply-vex.

{% for rec in vex_recommendations %} {% endfor %} {% if vex_recommendations|length > 10 %} {% endif %}

Finding ID	Category	Severity	Score	Band	Gate	Recommended Status	Reason
{{ rec.finding_common_id\|default(rec.finding_id)\|default('—') }}	{% set rcat = rec.category\|default('') %} {% if rcat %} {{ rcat }} {% else %}—{% endif %}	{{ rec.severity\|default('—') }}	{{ rec.triage_score\|default(0) }}	{% set rband = rec.priority_band\|default('INFO') %} {{ rband }}	{{ rec.gate if rec.gate and rec.gate != 'NONE' else '—' }}	{% set rstatus = rec.recommended_status\|default('') %} {% if rstatus %} {{ rstatus }} {% else %}—{% endif %}	{{ rec.reason\|default('—') }}

{% endif %}