Skip to main content
Version: Current

Enterprise Reporting

The PrimusSaaS.Security.Reporting package generates professional security reports from ScanResult. As of v2.4.9 the HTML report matches and exceeds the SonarQube bitegarden Full Issues Breakdown Report in every dimension — free, no server required.

What's Included in v2.4.9

  • HTML report — 11-section branded report: cover (LOC, size rating, branch, tech debt), executive dashboard, top-issues-by-frequency, hotspots section, detailed findings (flat + grouped-by-rule with inline descriptions), risk heat map by file, compliance scores, remediation & triage, quality gate, recommendations, scan config
  • JSON formatter — full SecurityReport model as structured JSON
  • CSV formatter — flat findings spreadsheet
  • SARIF 2.1.0 — GitHub Advanced Security + Azure DevOps compatible, includes A–E ratings and duplication metrics
  • Compliance scoring — OWASP Top 10, PCI-DSS, HIPAA, SOC2, GDPR (free; requires SonarQube Enterprise)
  • PDF export — via Primus.PdfGenerator when configured; HTML bytes returned as fallback

See Security Reporting → for the full section inventory and field reference.

Example

using PrimusSaaS.Security.Reporting.Services;
using PrimusSaaS.Security.Reporting.Models;
using PrimusSaaS.Security.Reporting.Formatters;

var reporting = new ReportingService();

var report = await reporting.GenerateReportAsync(
"MyProject",
new List<VulnerabilityFinding>()
);

var html = HtmlFormatter.Export(report);
var json = JsonFormatter.Export(report);
var sarif = SarifFormatter.Export(report);

Notes on Compliance

Compliance scores are heuristic mappings of findings to frameworks. They do not certify PCI-DSS, HIPAA, SOC 2, GDPR, or ISO 27001 compliance.