{# Defensive defaults block — placed BEFORE the render-mode gate per the E.1/E.2/E.3/1c.1/1c.2 pattern. Customer Brief's transform returns 18 keys (16 always + 2 mode-conditional). Defensive guards coerce non- mapping / non-iterable upstream values so the template never crashes on data drift. #} {% set summary = summary | default({}) %} {% if summary is string or summary is not mapping %}{% set summary = {} %}{% endif %} {% set triage_summary = triage_summary | default({}) %} {% if triage_summary is string or triage_summary is not mapping %}{% set triage_summary = {} %}{% endif %} {% set remediation_highlights = remediation_highlights | default({}) %} {% if remediation_highlights is string or remediation_highlights is not mapping %}{% set remediation_highlights = {} %}{% endif %} {% set sbom_stats = sbom_stats | default({}) %} {% if sbom_stats is string or sbom_stats is not mapping %}{% set sbom_stats = {} %}{% endif %} {% set scan_metadata = scan_metadata | default({}) %} {% if scan_metadata is string or scan_metadata is not mapping %}{% set scan_metadata = {} %}{% endif %} {% set severity_distribution = severity_distribution | default({}) %} {% if severity_distribution is string or severity_distribution is not mapping %}{% set severity_distribution = {} %}{% endif %} {% set reachability_summary = reachability_summary | default({}) %} {% if reachability_summary is string or reachability_summary is not mapping %}{% set reachability_summary = {} %}{% endif %} {% set exploit_maturity_summary = exploit_maturity_summary | default({}) %} {% if exploit_maturity_summary is string or exploit_maturity_summary is not mapping %}{% set exploit_maturity_summary = {} %}{% endif %} {% set top_findings = top_findings | default([]) %} {% if top_findings is mapping or top_findings is string or top_findings is not iterable %}{% set top_findings = [] %}{% endif %} {% set detailed_findings = detailed_findings | default([]) %} {% if detailed_findings is mapping or detailed_findings is string or detailed_findings is not iterable %}{% set detailed_findings = [] %}{% endif %} {% set component_risk_ranking = component_risk_ranking | default([]) %} {% if component_risk_ranking is mapping or component_risk_ranking is string or component_risk_ranking is not iterable %}{% set component_risk_ranking = [] %}{% endif %} {% set component_license_distribution = component_license_distribution | default([]) %} {% if component_license_distribution is mapping or component_license_distribution is string or component_license_distribution is not iterable %}{% set component_license_distribution = [] %}{% endif %} {% set top_security_risks = top_security_risks | default([]) %} {% if top_security_risks is mapping or top_security_risks is string or top_security_risks is not iterable %}{% set top_security_risks = [] %}{% endif %} {% set mode = mode | default('summary') %} {% set domain = domain | default('') %} {% set organization = organization | default('') %} {% set cover_image_b64 = cover_image_b64 | default('') %} {# components_missing_license must be int — the Component Licenses footnote does `> 0` comparison. Coerce defensively (round-1 multi-review M3-4 patch). #} {% set _cml_raw = components_missing_license | default(0) %} {% set components_missing_license = (_cml_raw | int) if _cml_raw is number or (_cml_raw is string and _cml_raw.isdigit()) else 0 %} {# generated_at default — keeps cover card / pdf-header / status_bar from rendering bare empty strings (round-1 multi-review M1-7 patch + round-2 M3-1 follow-up: `| default('—')` only fires on UNDEFINED, not on empty-string or None. Use `or '—'` so falsey strings + None also resolve to the visible fallback). #} {% set generated_at = generated_at or '—' %} {% import "_console_macros.html" as fs with context %} {# E1: single brand-resolution path — the configured logo (config.logo) resolved centrally to logo_path (full data-URI), bundled FS wordmark as fallback. Replaces the old logo_image_b64 raw-base64 PNG that IGNORED config.logo. fs.default_logo_data_uri() is the same bundled asset every other report falls back to. Computed AFTER the macro import so the fallback macro is in scope. #} {% set cb_logo = logo_path if (logo_path is defined and logo_path) else fs.default_logo_data_uri() %} {% if render_mode != 'fragment' %}
{% if domain %}{% endif %}Finite State provides comprehensive software supply chain security through automated binary analysis, vulnerability management, and compliance monitoring. Our platform identifies security risks in firmware, embedded systems, and software components.
This report provides a security risk summary for {% if scan_metadata.get('project_name') %}{{ scan_metadata.get('project_name') }}{% endif %} {% if scan_metadata.get('version_name') %} version {{ scan_metadata.get('version_name') }}{% endif %}. It includes severity distribution, exploit maturity analysis, component risk rankings, and actionable remediation guidance.
| CVE ID | Severity | Component | Version | CVSS | Reachability | KEV | Exploit | VEX Status |
|---|---|---|---|---|---|---|---|---|
{% if detail %} {% endif %}
{% if domain and f.get('project_id') and f.get('project_version_id') and f.get('finding_id') %}
{{ f.get('cve_id', '—') }}
{% else %}
{{ f.get('cve_id', '—') }}
{% endif %}
|
{{ f.get('severity', 'UNKNOWN') }} | {{ f.get('component', '—') }} | {{ f.get('component_version', '—') }} | {{ "%.1f"|format(f.get('cvss_score') | float) if f.get('cvss_score') else "—" }} | {% if f.get('reachability_score') is not none %}{% set _rs = f.get('reachability_score') | float %}{% if _rs > 0 %}Reachable{% elif _rs < 0 %}Unreachable{% else %}—{% endif %}{% else %}—{% endif %} | {% if f.get('in_kev') %}KEV{% else %}—{% endif %} | {% if f.get('has_exploit') %}Exploit{% else %}—{% endif %} | {{ status_labels.get(f.get('status', '—'), f.get('status', '—')) }} |
|
||||||||
{{ f.get('cve_id', '—') }}
{% else %}
{{ f.get('cve_id', '—') }}
{% endif %}
{{ f.get('severity', 'UNKNOWN') }}
CVSS {{ "%.1f"|format(f.get('cvss_score', 0) | float) }}
| CVE ID | Severity | Component | Version | CVSS | EPSS %ile | KEV | Exploit |
|---|---|---|---|---|---|---|---|
{{ f.get('cve_id', '—') }} |
{{ f.get('severity', 'UNKNOWN') }} | {{ f.get('component', '—') }} | {{ f.get('component_version', '—') }} | {{ "%.1f"|format(f.get('cvss_score') | float) if f.get('cvss_score') else "—" }} | {{ "%.1f"|format((f.get('epss_percentile') | float) * 100) if f.get('epss_percentile') else "—" }}{% if f.get('epss_percentile') %}%{% endif %} | {% if f.get('in_kev') %}KEV{% else %}—{% endif %} | {% if f.get('has_exploit') %}Exploit{% else %}—{% endif %} |
{{ exploit_maturity_summary.get('total_with_exploits', 0) }} finding(s) with known exploit intelligence
| Component | Version | Critical | High | Medium | Low | Total | Risk Score |
|---|---|---|---|---|---|---|---|
| {{ c.get('component', '—') }} | {{ c.get('component_version', '—') }} | {{ c.get('critical', 0) }} | {{ c.get('high', 0) }} | {{ c.get('medium', 0) }} | {{ c.get('low', 0) }} | {{ c.get('total', 0) }} | {{ c.get('risk_score', 0) }} |
{{ components_missing_license }} additional component{% if components_missing_license != 1 %}s{% endif %} not shown — no license metadata recorded in the SBOM.
{% endif %}{{ card.get('top_cve', '—') }} · CVSS {{ "%.1f"|format(card.get('worst_cvss', 0) | float) }}No Gate 1 findings identified.
{% endif %}{{ card.get('top_cve', '—') }} · CVSS {{ "%.1f"|format(card.get('worst_cvss', 0) | float) }}No Gate 2 findings identified.
{% endif %}Total Components: {{ sbom_stats.get('total_components', 0) }}