Skip to content

Fix: HTML report drops all AI findings#139

Merged
advaitpatel merged 1 commit into
mainfrom
fix/html-ai-findings
Jul 4, 2026
Merged

Fix: HTML report drops all AI findings#139
advaitpatel merged 1 commit into
mainfrom
fix/html-ai-findings

Conversation

@advaitpatel

Copy link
Copy Markdown
Collaborator

Summary

The HTML report never rendered the AI/LLM findings. It only rendered
Trivy's package vulnerabilities from json_data, so an AI-only run
(Dockerfile analysis with no image, e.g. docksec Dockerfile --provider anthropic) produced an HTML report showing nothing but the security
score — even though the terminal reported dozens of findings across
vulnerabilities, best practices, security risks, exposed credentials,
and remediation steps.

Because the terminal output is intentionally truncated to a few items
per section (... and 7 more), and the PDF/JSON reports were the only
place the full list lived, the HTML report — the format most users open
— left those findings effectively unreachable.

This is the sibling of the 2026.7.3 fix ("AI analysis without an image
wrote no report"): that made AI-only runs write a report at all; this
makes the HTML report actually contain the AI findings.

Changes

  • report_generator.py: new _build_ai_analysis_html() renders all
    five AI finding categories in full (untruncated), each with a count,
    HTML-escaped, reusing the existing .section / .config-list styles
    so it matches the current theme. Wired into
    _prepare_html_template_vars; renders empty for scanner-only runs.
  • templates/report_template.html: added the {{AI_ANALYSIS_SECTION}}
    placeholder after Configuration Analysis.
  • tests/test_report_generator.py: added tests covering full rendering
    (all findings present, with counts), HTML escaping, and omission of
    the section when there are no AI findings.
  • docs/CHANGELOG.md: Fixed entry under Unreleased.

Testing

  • Reproduced the reported scenario: the AI-only HTML report now shows
    the complete finding list (all items, not the truncated preview),
    including findings previously cut mid-sentence in the terminal.
  • HTML entities in findings are escaped.
  • Full suite: 178 passed (175 existing + 3 new).

Scope

HTML path only. Terminal truncation is unchanged by design (compact
view); PDF and JSON already rendered these findings.

@github-actions github-actions Bot added documentation Improvements or additions to documentation reports Changes to report generation tests Changes to the test suite labels Jul 4, 2026
@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@advaitpatel advaitpatel merged commit b62a7d7 into main Jul 4, 2026
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Improvements or additions to documentation reports Changes to report generation tests Changes to the test suite

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant