Skip to main content
Version: 2026.04.0

Enterprise Reporting

The PrimusSaaS.Security.Reporting package generates professional security reports from ScanResult. As of v2.4.9 the HTML report matches and exceeds the SonarQube bitegarden Full Issues Breakdown Report in every dimension — free, no server required.

What's Included in v2.4.9

  • HTML report — 11-section branded report: cover (LOC, size rating, branch, tech debt), executive dashboard, top-issues-by-frequency, hotspots section, detailed findings (flat + grouped-by-rule with inline descriptions), risk heat map by file, compliance scores, remediation & triage, quality gate, recommendations, scan config
  • JSON formatter — full SecurityReport model as structured JSON
  • CSV formatter — flat findings spreadsheet
  • SARIF 2.1.0 — GitHub Advanced Security + Azure DevOps compatible, includes A–E ratings and duplication metrics
  • Compliance scoring — OWASP Top 10, PCI-DSS, HIPAA, SOC2, GDPR (free; requires SonarQube Enterprise)
  • PDF export — via Primus.PdfGenerator when configured; HTML bytes returned as fallback

See Security Reporting → for the full section inventory and field reference.

Example

using PrimusSaaS.Security.Reporting.Services;
using PrimusSaaS.Security.Reporting.Models;
using PrimusSaaS.Security.Reporting.Formatters;

var reporting = new ReportingService();

var report = await reporting.GenerateReportAsync(
"MyProject",
new List<VulnerabilityFinding>()
);

var html = HtmlFormatter.Export(report);
var json = JsonFormatter.Export(report);
var sarif = SarifFormatter.Export(report);

Notes on Compliance

Compliance scores are heuristic mappings of findings to frameworks. They do not certify PCI-DSS, HIPAA, SOC 2, GDPR, or ISO 27001 compliance.