From 206ea6f155716ac4e4ce4f63efc9fb89e477b34d Mon Sep 17 00:00:00 2001
From: Rohit Kattimani <82595800+RohitKattimani@users.noreply.github.com>
Date: Fri, 29 May 2026 22:06:57 +0530
Subject: [PATCH 1/4] Refactor report generation and markup structure

Refactor HTML report generation to use icon mapping and improve markup structure.
---
 backend/secuscan/reporting.py | 371 ++++++++++++++++++----------------
 1 file changed, 196 insertions(+), 175 deletions(-)

diff --git a/backend/secuscan/reporting.py b/backend/secuscan/reporting.py
index fb2e8987..2afc4b81 100644
--- a/backend/secuscan/reporting.py
+++ b/backend/secuscan/reporting.py
@@ -284,46 +284,108 @@ def _format_timestamp(value: str) -> str:
         return value
 
     @classmethod
+    def _build_pdf_finding_markup(cls, finding: Dict[str, Any], target: str, critical_icon: str) -> str:
+        evidence_html = f"<h4>Evidence</h4><pre>{cls._escape_html(finding['proof'])}</pre>" if finding['proof'] else ""
+        remediation_html = f"<div class='remediation'><h4>Recommended action</h4><p>{cls._escape_html(finding['remediation'])}</p></div>" if finding['remediation'] else ""
+        cve_html = f"<p class='meta'>CVE: {cls._escape_html(finding['cve'])}</p>" if finding['cve'] else ""
+        
+        return f"""
+        <div class="finding">
+            <table class="finding-header">
+            <tr>
+                <td class="severity severity-{finding['severity'].lower()}"><img class="severity-icon" src="{critical_icon}" alt=""> {cls._escape_html(finding['severity'])}</td>
+                <td>
+                <h3>{cls._escape_html(finding['title'])}</h3>
+                <p>{cls._escape_html(finding['category'])} | {cls._escape_html_with_breaks(finding['target'] or target, " ")}</p>
+                </td>
+            </tr>
+            </table>
+            <h4>Description</h4>
+            <p>{cls._escape_html(finding['description'])}</p>
+            {evidence_html}
+            {remediation_html}
+            {cve_html}
+        </div>
+        """
+
+    @classmethod
+    def _build_web_finding_markup(cls, finding: Dict[str, Any], target: str, critical_icon: str) -> str:
+        evidence_html = f"<section><h4>Evidence</h4><pre>{cls._escape_html(finding['proof'])}</pre></section>" if finding['proof'] else ""
+        remediation_html = f"<section class='remediation'><h4>Recommended action</h4><p>{cls._escape_html(finding['remediation'])}</p></section>" if finding['remediation'] else ""
+        cve_html = f"<section class='meta'><span>CVE: {cls._escape_html(finding['cve'])}</span></section>" if finding['cve'] else ""
+
+        return f"""
+        <article class="finding-card">
+            <div class="finding-top">
+                <span class="severity severity-{finding['severity'].lower()}"><img class="mini-icon" src="{critical_icon}" alt=""> {cls._escape_html(finding['severity'])}</span>
+                <div class="finding-heading">
+                    <h3>{cls._escape_html(finding['title'])}</h3>
+                    <p>{cls._escape_html(finding['category'])} | {cls._escape_html_with_breaks(finding['target'] or target)}</p>
+                </div>
+            </div>
+            <div class="finding-body">
+                <section>
+                    <h4>Description</h4>
+                    <p>{cls._escape_html(finding['description'])}</p>
+                </section>
+                {evidence_html}
+                {remediation_html}
+                {cve_html}
+            </div>
+        </article>
+        """
+
+    @classmethod
+    def _extract_sarif_rule_id(cls, finding: Dict[str, Any]) -> str:
+        raw_rule_id = None
+        cve = finding.get("cve")
+        if cve and isinstance(cve, str) and cve.strip():
+            raw_rule_id = cve.strip()
+
+        if not raw_rule_id:
+            cwe = finding.get("cwe") or finding.get("metadata", {}).get("cwe")
+            if cwe and isinstance(cwe, str) and cwe.strip():
+                raw_rule_id = cwe.strip()
+
+        if not raw_rule_id:
+            for key in ["check_id", "plugin_rule_id", "rule_id", "id"]:
+                val = finding.get(key) or finding.get("metadata", {}).get(key)
+                if val and isinstance(val, str) and val.strip():
+                    raw_rule_id = val.strip()
+                    break
+
+        if not raw_rule_id:
+            raw_rule_id = finding.get("title") or "security-finding"
+
+        rule_id = re.sub(r"[^a-zA-Z0-9\-]", "-", raw_rule_id).lower()
+        rule_id = re.sub(r"-+", "-", rule_id).strip("-")
+        return rule_id if rule_id else "security-finding"
+
+@classmethod
     def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> str:
         """Generate conservative HTML/CSS that xhtml2pdf can paginate reliably."""
         payload = cls._build_report_payload(task, result)
-        findings = payload["findings"]
         severity_counts = payload["severity_counts"]
-        shield_icon = cls._icon_data_uri("shield", "1e3a5f")
-        target_icon = cls._icon_data_uri("target", "2563eb")
-        findings_icon = cls._icon_data_uri("findings", "0f172a")
-        critical_icon = cls._icon_data_uri("critical", "991b1b")
-        rows_icon = cls._icon_data_uri("rows", "2563eb")
-        clock_icon = cls._icon_data_uri("clock", "475569")
+        
+        icons = {
+            "shield": cls._icon_data_uri("shield", "1e3a5f"),
+            "target": cls._icon_data_uri("target", "2563eb"),
+            "findings": cls._icon_data_uri("findings", "0f172a"),
+            "critical": cls._icon_data_uri("critical", "991b1b"),
+            "rows": cls._icon_data_uri("rows", "2563eb"),
+            "clock": cls._icon_data_uri("clock", "475569")
+        }
+        
         target_html = cls._escape_html_with_breaks(payload["target"], " ")
-
-        summary_markup = "".join(
-            f"<li>{cls._escape_html(line)}</li>" for line in payload["summary"]
-        )
+        summary_markup = "".join(f"<li>{cls._escape_html(line)}</li>" for line in payload["summary"])
         parameter_markup = "".join(
             f"<tr><td><label>{cls._escape_html(item['label'])}</label><strong>{cls._escape_html(item['value'])}</strong></td></tr>"
             for item in payload["scan_parameters"]
         )
+        
         finding_markup = "".join(
-            f"""
-            <div class="finding">
-              <table class="finding-header">
-                <tr>
-                  <td class="severity severity-{finding['severity'].lower()}"><img class="severity-icon" src="{critical_icon}" alt=""> {cls._escape_html(finding['severity'])}</td>
-                  <td>
-                    <h3>{cls._escape_html(finding['title'])}</h3>
-                    <p>{cls._escape_html(finding['category'])} | {cls._escape_html_with_breaks(finding['target'] or payload['target'], " ")}</p>
-                  </td>
-                </tr>
-              </table>
-              <h4>Description</h4>
-              <p>{cls._escape_html(finding['description'])}</p>
-              {f"<h4>Evidence</h4><pre>{cls._escape_html(finding['proof'])}</pre>" if finding['proof'] else ""}
-              {f"<div class='remediation'><h4>Recommended action</h4><p>{cls._escape_html(finding['remediation'])}</p></div>" if finding['remediation'] else ""}
-              {f"<p class='meta'>CVE: {cls._escape_html(finding['cve'])}</p>" if finding['cve'] else ""}
-            </div>
-            """
-            for finding in findings
+            cls._build_pdf_finding_markup(finding, payload['target'], icons['critical']) 
+            for finding in payload["findings"]
         )
 
         if not finding_markup:
@@ -535,7 +597,7 @@ def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any])
 <div class="page" style="background-color: #ffffff;">
   <table class="brand-table">
     <tr>
-      <td class="brand-icon"><img src="{shield_icon}" alt=""></td>
+      <td class="brand-icon"><img src="{icons['shield']}" alt=""></td>
       <td>
         <div class="eyebrow">SecuScan security export</div>
         <h1>{target_html}</h1>
@@ -546,17 +608,17 @@ def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any])
 
   <table class="stats">
     <tr>
-      <td><img class="stat-icon" src="{findings_icon}" alt=""><label>Total findings</label><strong>{len(findings)}</strong></td>
-      <td><img class="stat-icon" src="{critical_icon}" alt=""><label>Critical</label><strong>{severity_counts['CRITICAL']}</strong></td>
-      <td><img class="stat-icon" src="{target_icon}" alt=""><label>High</label><strong>{severity_counts['HIGH']}</strong></td>
-      <td><img class="stat-icon" src="{rows_icon}" alt=""><label>Structured rows</label><strong>{len(payload['rows'])}</strong></td>
+      <td><img class="stat-icon" src="{icons['findings']}" alt=""><label>Total findings</label><strong>{len(payload['findings'])}</strong></td>
+      <td><img class="stat-icon" src="{icons['critical']}" alt=""><label>Critical</label><strong>{severity_counts['CRITICAL']}</strong></td>
+      <td><img class="stat-icon" src="{icons['target']}" alt=""><label>High</label><strong>{severity_counts['HIGH']}</strong></td>
+      <td><img class="stat-icon" src="{icons['rows']}" alt=""><label>Structured rows</label><strong>{len(payload['rows'])}</strong></td>
     </tr>
   </table>
 
-  <h2><img class="stat-icon" src="{shield_icon}" alt=""> Executive Overview</h2>
+  <h2><img class="stat-icon" src="{icons['shield']}" alt=""> Executive Overview</h2>
   <ul>{summary_markup}</ul>
 
-  <h2><img class="stat-icon" src="{clock_icon}" alt=""> Assessment Details</h2>
+  <h2><img class="stat-icon" src="{icons['clock']}" alt=""> Assessment Details</h2>
   <table class="meta-table">
     <tr>
       <td><label>Task ID</label><strong>{cls._escape_html(payload['task_id'] or 'Unknown')}</strong></td>
@@ -568,70 +630,42 @@ def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any])
     </tr>
   </table>
 
-  <h2><img class="stat-icon" src="{target_icon}" alt=""> Scan Parameters</h2>
+  <h2><img class="stat-icon" src="{icons['target']}" alt=""> Scan Parameters</h2>
   <table class="meta-table">
     {parameter_markup}
   </table>
 
-  <h2><img class="stat-icon" src="{findings_icon}" alt=""> Technical Findings</h2>
+  <h2><img class="stat-icon" src="{icons['findings']}" alt=""> Technical Findings</h2>
   {finding_markup}
 </div>
 </body>
 </html>"""
 
-    @classmethod
-    def generate_pdf_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> bytes:
-        """Generate the PDF from the same HTML used by the browser report."""
-        html_report = cls._generate_pdf_html_report(task, result)
-        output = io.BytesIO()
-        pdf = pisa.CreatePDF(src=html_report, dest=output, encoding="utf-8")
-        if pdf.err:
-            raise RuntimeError("Failed to render SecuScan HTML report as PDF")
-        return output.getvalue()
-
     @classmethod
     def generate_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> str:
         """Generate a modern HTML report suitable for direct download."""
         payload = cls._build_report_payload(task, result)
-        findings = payload["findings"]
         severity_counts = payload["severity_counts"]
-        shield_icon = cls._icon_data_uri("shield", "1e3a5f")
-        target_icon = cls._icon_data_uri("target", "2563eb")
-        findings_icon = cls._icon_data_uri("findings", "0f172a")
-        critical_icon = cls._icon_data_uri("critical", "991b1b")
-        rows_icon = cls._icon_data_uri("rows", "2563eb")
-        clock_icon = cls._icon_data_uri("clock", "475569")
+        
+        icons = {
+            "shield": cls._icon_data_uri("shield", "1e3a5f"),
+            "target": cls._icon_data_uri("target", "2563eb"),
+            "findings": cls._icon_data_uri("findings", "0f172a"),
+            "critical": cls._icon_data_uri("critical", "991b1b"),
+            "rows": cls._icon_data_uri("rows", "2563eb"),
+            "clock": cls._icon_data_uri("clock", "475569")
+        }
+        
         target_html = cls._escape_html_with_breaks(payload["target"])
-
-        summary_markup = "".join(
-            f"<li>{cls._escape_html(line)}</li>" for line in payload["summary"]
-        )
+        summary_markup = "".join(f"<li>{cls._escape_html(line)}</li>" for line in payload["summary"])
         parameter_markup = "".join(
             f"<div class=\"meta-card\"><label>{cls._escape_html(item['label'])}</label><strong>{cls._escape_html(item['value'])}</strong></div>"
             for item in payload["scan_parameters"]
         )
+        
         finding_markup = "".join(
-            f"""
-            <article class="finding-card">
-                <div class="finding-top">
-                    <span class="severity severity-{finding['severity'].lower()}"><img class="mini-icon" src="{critical_icon}" alt=""> {cls._escape_html(finding['severity'])}</span>
-                    <div class="finding-heading">
-                        <h3>{cls._escape_html(finding['title'])}</h3>
-                        <p>{cls._escape_html(finding['category'])} | {cls._escape_html_with_breaks(finding['target'] or payload['target'])}</p>
-                    </div>
-                </div>
-                <div class="finding-body">
-                    <section>
-                        <h4>Description</h4>
-                        <p>{cls._escape_html(finding['description'])}</p>
-                    </section>
-                    {f"<section><h4>Evidence</h4><pre>{cls._escape_html(finding['proof'])}</pre></section>" if finding['proof'] else ""}
-                    {f"<section class='remediation'><h4>Recommended action</h4><p>{cls._escape_html(finding['remediation'])}</p></section>" if finding['remediation'] else ""}
-                    {f"<section class='meta'><span>CVE: {cls._escape_html(finding['cve'])}</span></section>" if finding['cve'] else ""}
-                </div>
-            </article>
-            """
-            for finding in findings
+            cls._build_web_finding_markup(finding, payload['target'], icons['critical']) 
+            for finding in payload["findings"]
         )
 
         if not finding_markup:
@@ -893,6 +927,54 @@ def generate_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> s
     }}
   </style>
 </head>
+<body>
+  <div class="shell">
+    <section class="hero">
+      <div class="hero-title">
+        <div class="hero-icon"><img src="{icons['shield']}" alt=""></div>
+        <div>
+          <div class="eyebrow">SecuScan security export</div>
+          <h1>{target_html}</h1>
+          <p>This report packages the most important findings, evidence, and remediation guidance from the latest assessment run into a cleaner analyst-friendly format.</p>
+        </div>
+      </div>
+    </section>
+
+    <div class="meta-grid">
+      <div class="meta-card"><div class="stat-card-header"><label>Tool</label><span class="card-icon"><img src="{icons['target']}" alt=""></span></div><strong>{cls._escape_html(payload['tool_name'])}</strong></div>
+      <div class="meta-card"><div class="stat-card-header"><label>Status</label><span class="card-icon"><img src="{icons['shield']}" alt=""></span></div><strong>{cls._escape_html(payload['status'].upper())}</strong></div>
+      <div class="meta-card"><div class="stat-card-header"><label>Task Started</label><span class="card-icon"><img src="{icons['clock']}" alt=""></span></div><strong>{cls._escape_html(cls._format_timestamp(payload['created_at']))}</strong></div>
+      <div class="meta-card"><div class="stat-card-header"><label>Exported</label><span class="card-icon"><img src="{icons['rows']}" alt=""></span></div><strong>{cls._escape_html(payload['generated_at'])}</strong></div>
+    </div>
+
+    <div class="stat-grid">
+      <div class="stat-card" style="--accent: #0f172a;"><div class="stat-card-header"><label>Total findings</label><span class="card-icon"><img src="{icons['findings']}" alt=""></span></div><strong>{len(payload['findings'])}</strong></div>
+      <div class="stat-card" style="--accent: #991b1b;"><div class="stat-card-header"><label>Critical</label><span class="card-icon"><img src="{icons['critical']}" alt=""></span></div><strong>{severity_counts['CRITICAL']}</strong></div>
+      <div class="stat-card" style="--accent: #dc2626;"><div class="stat-card-header"><label>High</label><span class="card-icon"><img src="{icons['target']}" alt=""></span></div><strong>{severity_counts['HIGH']}</strong></div>
+      <div class="stat-card" style="--accent: #2563eb;"><div class="stat-card-header"><label>Structured rows</label><span class="card-icon"><img src="{icons['rows']}" alt=""></span></div><strong>{len(payload['rows'])}</strong></div>
+    </div>
+
+    <section class="section">
+      <h2><img class="section-icon" src="{icons['shield']}" alt="">Executive Overview</h2>
+      <p class="section-copy">Key takeaways generated from the parsed assessment data.</p>
+      <ul class="summary-list">{summary_markup}</ul>
+    </section>
+
+    <section class="section">
+      <h2><img class="section-icon" src="{icons['target']}" alt="">Scan Parameters</h2>
+      <p class="section-copy">Runtime configuration captured for this task, including the selected Nikto flags and SecuScan preset context.</p>
+      <div class="meta-grid">{parameter_markup}</div>
+    </section>
+
+    <section class="section">
+      <h2><img class="section-icon" src="{icons['findings']}" alt="">Technical Findings</h2>
+      <p class="section-copy">Detailed finding cards with severity context, supporting evidence, and recommended next actions.</p>
+      <div class="findings">{finding_markup}</div>
+    </section>
+  </div>
+</body>
+</html>"""  </style>
+</head>
 <body>
   <div class="shell">
     <section class="hero">
@@ -976,133 +1058,72 @@ def generate_csv_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> st
             )
         return output.getvalue()
 
-    @classmethod
+@classmethod
     def generate_sarif_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> str:
         """Generate a SARIF v2.1.0 report for GitHub Code Scanning."""
         payload = cls._build_report_payload(task, result)
-        tool_name = payload["tool_name"]
-
-        # Define severity mapping to SARIF levels
+        
         severity_map = {
-            "CRITICAL": "error",
-            "HIGH": "error",
-            "MEDIUM": "warning",
-            "LOW": "note",
-            "INFO": "note"
+            "CRITICAL": "error", "HIGH": "error", "MEDIUM": "warning",
+            "LOW": "note", "INFO": "note"
         }
-
+        
         rules = []
         rule_indices = {}
         results = []
 
         for finding in payload["findings"]:
-            # Derive a stable, deterministic rule ID from finding-specific identifiers
-            raw_rule_id = None
-
-            # 1. Check CVE
-            cve = finding.get("cve")
-            if cve and isinstance(cve, str) and cve.strip():
-                raw_rule_id = cve.strip()
-
-            # 2. Check CWE (direct or in metadata)
-            if not raw_rule_id:
-                cwe = finding.get("cwe") or finding.get("metadata", {}).get("cwe")
-                if cwe and isinstance(cwe, str) and cwe.strip():
-                    raw_rule_id = cwe.strip()
-
-            # 3. Check specific check/plugin/finding identifiers
-            if not raw_rule_id:
-                for key in ["check_id", "plugin_rule_id", "rule_id", "id"]:
-                    val = finding.get(key) or finding.get("metadata", {}).get(key)
-                    if val and isinstance(val, str) and val.strip():
-                        raw_rule_id = val.strip()
-                        break
-
-            # 4. Fallback to sanitized title
-            if not raw_rule_id:
-                raw_rule_id = finding.get("title") or "security-finding"
-
-            # Sanitize raw rule ID (lowercase, replace non-alphanumeric with hyphens)
-            rule_id = re.sub(r"[^a-zA-Z0-9\-]", "-", raw_rule_id).lower()
-            rule_id = re.sub(r"-+", "-", rule_id).strip("-")
-            if not rule_id:
-                rule_id = "security-finding"
+            rule_id = cls._extract_sarif_rule_id(finding)
 
             if rule_id not in rule_indices:
                 rule_indices[rule_id] = len(rules)
                 rules.append({
                     "id": rule_id,
                     "name": finding.get("title", "Security Finding"),
-                    "shortDescription": {
-                        "text": finding.get("title", "Security Finding")
-                    },
-                    "fullDescription": {
-                        "text": finding.get("description", "No detailed description available.")
-                    },
-                    "help": {
-                        "text": finding.get("remediation", "No remediation provided.")
-                    },
-                    "properties": {
-                        "precision": "high"
-                    }
+                    "shortDescription": {"text": finding.get("title", "Security Finding")},
+                    "fullDescription": {"text": finding.get("description", "No detailed description available.")},
+                    "help": {"text": finding.get("remediation", "No remediation provided.")},
+                    "properties": {"precision": "high"}
                 })
 
-            sarif_result = {
-                "ruleId": rule_id,
-                "ruleIndex": rule_indices[rule_id],
-                "message": {
-                    "text": finding.get("description", "Security finding detected")
-                },
-                "level": severity_map.get(finding["severity"], "note"),
-                "locations": []
-            }
-
-            # Attempt to extract location if available
             target = finding.get("target") or payload["target"]
-            # Check if target looks like a file path or URI
+            locations = []
+            
             if target:
                 is_url = "://" in target or target.startswith(("http://", "https://"))
+                location = {"physicalLocation": {"artifactLocation": {"uri": target}}}
 
-                location = {
-                    "physicalLocation": {
-                        "artifactLocation": {
-                            "uri": target
-                        }
-                    }
-                }
-
-                # If target has a line number like file.py:123 and is NOT a web URL
                 if not is_url and ":" in target:
                     parts = target.split(":")
                     if parts[-1].isdigit():
                         location["physicalLocation"]["artifactLocation"]["uri"] = ":".join(parts[:-1])
-                        location["physicalLocation"]["region"] = {
-                            "startLine": int(parts[-1])
-                        }
-
-                sarif_result["locations"].append(location)
+                        location["physicalLocation"]["region"] = {"startLine": int(parts[-1])}
+                locations.append(location)
 
-            results.append(sarif_result)
+            results.append({
+                "ruleId": rule_id,
+                "ruleIndex": rule_indices[rule_id],
+                "message": {"text": finding.get("description", "Security finding detected")},
+                "level": severity_map.get(finding["severity"], "note"),
+                "locations": locations
+            })
 
         sarif_output = {
             "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
             "version": "2.1.0",
-            "runs": [
-                {
-                    "tool": {
-                        "driver": {
-                            "name": tool_name,
-                            "version": "1.0.0",
-                            "informationUri": "https://github.com/utksh1/SecuScan",
-                            "rules": rules
-                        }
-                    },
-                    "results": results
-                }
-            ]
+            "runs": [{
+                "tool": {
+                    "driver": {
+                        "name": payload["tool_name"],
+                        "version": "1.0.0",
+                        "informationUri": "https://github.com/utksh1/SecuScan",
+                        "rules": rules
+                    }
+                },
+                "results": results
+            }]
         }
 
         return json.dumps(sarif_output, indent=2)
 
-
 reporting = ReportGenerator()

From 2dd500302805f29ab597d930102e1627522ceade Mon Sep 17 00:00:00 2001
From: Rohit Kattimani <82595800+RohitKattimani@users.noreply.github.com>
Date: Fri, 29 May 2026 22:23:23 +0530
Subject: [PATCH 2/4] Refactor HTML report generation methods

---
 backend/secuscan/reporting.py | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/backend/secuscan/reporting.py b/backend/secuscan/reporting.py
index 2afc4b81..95e8a4b2 100644
--- a/backend/secuscan/reporting.py
+++ b/backend/secuscan/reporting.py
@@ -366,7 +366,7 @@ def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any])
         """Generate conservative HTML/CSS that xhtml2pdf can paginate reliably."""
         payload = cls._build_report_payload(task, result)
         severity_counts = payload["severity_counts"]
-        
+
         icons = {
             "shield": cls._icon_data_uri("shield", "1e3a5f"),
             "target": cls._icon_data_uri("target", "2563eb"),
@@ -375,19 +375,18 @@ def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any])
             "rows": cls._icon_data_uri("rows", "2563eb"),
             "clock": cls._icon_data_uri("clock", "475569")
         }
-        
+
         target_html = cls._escape_html_with_breaks(payload["target"], " ")
         summary_markup = "".join(f"<li>{cls._escape_html(line)}</li>" for line in payload["summary"])
         parameter_markup = "".join(
             f"<tr><td><label>{cls._escape_html(item['label'])}</label><strong>{cls._escape_html(item['value'])}</strong></td></tr>"
             for item in payload["scan_parameters"]
         )
-        
+
         finding_markup = "".join(
-            cls._build_pdf_finding_markup(finding, payload['target'], icons['critical']) 
+            cls._build_pdf_finding_markup(finding, payload['target'], icons['critical'])
             for finding in payload["findings"]
         )
-
         if not finding_markup:
             finding_markup = """
             <div class="finding">
@@ -641,12 +640,12 @@ def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any])
 </body>
 </html>"""
 
-    @classmethod
+@classmethod
     def generate_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> str:
         """Generate a modern HTML report suitable for direct download."""
         payload = cls._build_report_payload(task, result)
         severity_counts = payload["severity_counts"]
-        
+
         icons = {
             "shield": cls._icon_data_uri("shield", "1e3a5f"),
             "target": cls._icon_data_uri("target", "2563eb"),
@@ -655,19 +654,18 @@ def generate_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> s
             "rows": cls._icon_data_uri("rows", "2563eb"),
             "clock": cls._icon_data_uri("clock", "475569")
         }
-        
+
         target_html = cls._escape_html_with_breaks(payload["target"])
         summary_markup = "".join(f"<li>{cls._escape_html(line)}</li>" for line in payload["summary"])
         parameter_markup = "".join(
             f"<div class=\"meta-card\"><label>{cls._escape_html(item['label'])}</label><strong>{cls._escape_html(item['value'])}</strong></div>"
             for item in payload["scan_parameters"]
         )
-        
+
         finding_markup = "".join(
-            cls._build_web_finding_markup(finding, payload['target'], icons['critical']) 
+            cls._build_web_finding_markup(finding, payload['target'], icons['critical'])
             for finding in payload["findings"]
         )
-
         if not finding_markup:
             finding_markup = """
             <article class="finding-card empty-state">
@@ -1062,12 +1060,12 @@ def generate_csv_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> st
     def generate_sarif_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> str:
         """Generate a SARIF v2.1.0 report for GitHub Code Scanning."""
         payload = cls._build_report_payload(task, result)
-        
+
         severity_map = {
             "CRITICAL": "error", "HIGH": "error", "MEDIUM": "warning",
             "LOW": "note", "INFO": "note"
         }
-        
+
         rules = []
         rule_indices = {}
         results = []
@@ -1088,7 +1086,7 @@ def generate_sarif_report(cls, task: Dict[str, Any], result: Dict[str, Any]) ->
 
             target = finding.get("target") or payload["target"]
             locations = []
-            
+
             if target:
                 is_url = "://" in target or target.startswith(("http://", "https://"))
                 location = {"physicalLocation": {"artifactLocation": {"uri": target}}}

From 95185ee1d3ae715a0a2330249f58eedf430e677c Mon Sep 17 00:00:00 2001
From: Rohit Kattimani <82595800+RohitKattimani@users.noreply.github.com>
Date: Fri, 29 May 2026 22:28:35 +0530
Subject: [PATCH 3/4] Refactor PDF and HTML report generation methods

---
 backend/secuscan/reporting.py | 764 +++++++++-------------------------
 1 file changed, 197 insertions(+), 567 deletions(-)

diff --git a/backend/secuscan/reporting.py b/backend/secuscan/reporting.py
index 95e8a4b2..06b6a0a1 100644
--- a/backend/secuscan/reporting.py
+++ b/backend/secuscan/reporting.py
@@ -283,85 +283,33 @@ def _format_timestamp(value: str) -> str:
                 continue
         return value
 
-    @classmethod
+@classmethod
     def _build_pdf_finding_markup(cls, finding: Dict[str, Any], target: str, critical_icon: str) -> str:
+        """Helper to generate HTML markup for a single PDF finding."""
         evidence_html = f"<h4>Evidence</h4><pre>{cls._escape_html(finding['proof'])}</pre>" if finding['proof'] else ""
         remediation_html = f"<div class='remediation'><h4>Recommended action</h4><p>{cls._escape_html(finding['remediation'])}</p></div>" if finding['remediation'] else ""
         cve_html = f"<p class='meta'>CVE: {cls._escape_html(finding['cve'])}</p>" if finding['cve'] else ""
         
         return f"""
         <div class="finding">
-            <table class="finding-header">
+          <table class="finding-header">
             <tr>
-                <td class="severity severity-{finding['severity'].lower()}"><img class="severity-icon" src="{critical_icon}" alt=""> {cls._escape_html(finding['severity'])}</td>
-                <td>
+              <td class="severity severity-{finding['severity'].lower()}"><img class="severity-icon" src="{critical_icon}" alt=""> {cls._escape_html(finding['severity'])}</td>
+              <td>
                 <h3>{cls._escape_html(finding['title'])}</h3>
                 <p>{cls._escape_html(finding['category'])} | {cls._escape_html_with_breaks(finding['target'] or target, " ")}</p>
-                </td>
+              </td>
             </tr>
-            </table>
-            <h4>Description</h4>
-            <p>{cls._escape_html(finding['description'])}</p>
-            {evidence_html}
-            {remediation_html}
-            {cve_html}
+          </table>
+          <h4>Description</h4>
+          <p>{cls._escape_html(finding['description'])}</p>
+          {evidence_html}
+          {remediation_html}
+          {cve_html}
         </div>
         """
 
     @classmethod
-    def _build_web_finding_markup(cls, finding: Dict[str, Any], target: str, critical_icon: str) -> str:
-        evidence_html = f"<section><h4>Evidence</h4><pre>{cls._escape_html(finding['proof'])}</pre></section>" if finding['proof'] else ""
-        remediation_html = f"<section class='remediation'><h4>Recommended action</h4><p>{cls._escape_html(finding['remediation'])}</p></section>" if finding['remediation'] else ""
-        cve_html = f"<section class='meta'><span>CVE: {cls._escape_html(finding['cve'])}</span></section>" if finding['cve'] else ""
-
-        return f"""
-        <article class="finding-card">
-            <div class="finding-top">
-                <span class="severity severity-{finding['severity'].lower()}"><img class="mini-icon" src="{critical_icon}" alt=""> {cls._escape_html(finding['severity'])}</span>
-                <div class="finding-heading">
-                    <h3>{cls._escape_html(finding['title'])}</h3>
-                    <p>{cls._escape_html(finding['category'])} | {cls._escape_html_with_breaks(finding['target'] or target)}</p>
-                </div>
-            </div>
-            <div class="finding-body">
-                <section>
-                    <h4>Description</h4>
-                    <p>{cls._escape_html(finding['description'])}</p>
-                </section>
-                {evidence_html}
-                {remediation_html}
-                {cve_html}
-            </div>
-        </article>
-        """
-
-    @classmethod
-    def _extract_sarif_rule_id(cls, finding: Dict[str, Any]) -> str:
-        raw_rule_id = None
-        cve = finding.get("cve")
-        if cve and isinstance(cve, str) and cve.strip():
-            raw_rule_id = cve.strip()
-
-        if not raw_rule_id:
-            cwe = finding.get("cwe") or finding.get("metadata", {}).get("cwe")
-            if cwe and isinstance(cwe, str) and cwe.strip():
-                raw_rule_id = cwe.strip()
-
-        if not raw_rule_id:
-            for key in ["check_id", "plugin_rule_id", "rule_id", "id"]:
-                val = finding.get(key) or finding.get("metadata", {}).get(key)
-                if val and isinstance(val, str) and val.strip():
-                    raw_rule_id = val.strip()
-                    break
-
-        if not raw_rule_id:
-            raw_rule_id = finding.get("title") or "security-finding"
-
-        rule_id = re.sub(r"[^a-zA-Z0-9\-]", "-", raw_rule_id).lower()
-        rule_id = re.sub(r"-+", "-", rule_id).strip("-")
-        return rule_id if rule_id else "security-finding"
-
-@classmethod
     def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> str:
         """Generate conservative HTML/CSS that xhtml2pdf can paginate reliably."""
         payload = cls._build_report_payload(task, result)
@@ -387,6 +335,7 @@ def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any])
             cls._build_pdf_finding_markup(finding, payload['target'], icons['critical'])
             for finding in payload["findings"]
         )
+
         if not finding_markup:
             finding_markup = """
             <div class="finding">
@@ -401,195 +350,44 @@ def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any])
   <meta charset="UTF-8">
   <title>SecuScan Report - {cls._escape_html(payload['target'])}</title>
   <style>
-    @page {{
-      size: a4 portrait;
-      margin: 18mm 14mm 16mm 14mm;
-    }}
-    html {{
-      background-color: #ffffff;
-    }}
-    body {{
-      background-color: #ffffff;
-      color: #0f172a;
-      font-family: Helvetica, Arial, sans-serif;
-      font-size: 10px;
-      line-height: 1.45;
-      margin: 0;
-    }}
-    table,
-    tr,
-    td,
-    h1,
-    h2,
-    h3,
-    h4,
-    p,
-    ul,
-    li {{
-      background-color: #ffffff;
-    }}
-    .page {{
-      background-color: #ffffff;
-      padding: 8px;
-    }}
-    .brand-table {{
-      border-collapse: collapse;
-      margin-bottom: 8px;
-      width: 100%;
-    }}
-    .brand-icon {{
-      width: 34px;
-    }}
-    .brand-icon img {{
-      height: 30px;
-      width: 30px;
-    }}
-    h1 {{
-      color: #0f172a;
-      font-size: 20px;
-      line-height: 1.18;
-      margin: 0;
-      padding: 4px 0 8px;
-      word-wrap: break-word;
-    }}
-    h2 {{
-      background-color: #f8fafc;
-      border-bottom: 1px solid #cbd5e1;
-      color: #0f172a;
-      font-size: 15px;
-      margin: 0;
-      padding: 12px 0 4px;
-    }}
-    h3 {{
-      color: #0f172a;
-      font-size: 12px;
-      margin: 0 0 3px;
-    }}
-    h4 {{
-      color: #0f172a;
-      font-size: 10px;
-      margin: 10px 0 4px;
-    }}
-    p {{
-      margin: 0;
-      padding: 0 0 7px;
-    }}
-    ul {{
-      margin: 0;
-      padding: 0 0 8px 16px;
-    }}
-    pre {{
-      background: #f8fafc;
-      border: 1px solid #cbd5e1;
-      font-family: Courier, monospace;
-      font-size: 8px;
-      line-height: 1.35;
-      margin: 0;
-      padding: 8px;
-      white-space: pre-wrap;
-    }}
-    .eyebrow {{
-      color: #2563eb;
-      font-size: 9px;
-      font-weight: bold;
-      letter-spacing: 1px;
-      text-transform: uppercase;
-    }}
-    .muted {{
-      color: #475569;
-    }}
-    .stats {{
-      border-collapse: collapse;
-      margin: 8px 0;
-      width: 100%;
-    }}
-    .stats td {{
-      background-color: #ffffff;
-      border: 1px solid #cbd5e1;
-      padding: 8px;
-      width: 25%;
-    }}
-    .stats label {{
-      color: #64748b;
-      display: block;
-      font-size: 8px;
-      text-transform: uppercase;
-    }}
-    .stats strong {{
-      color: #0f172a;
-      display: block;
-      font-size: 18px;
-      margin-top: 4px;
-    }}
-    .stat-icon {{
-      height: 18px;
-      width: 18px;
-    }}
-    .meta-table {{
-      border-collapse: collapse;
-      margin: 8px 0 0;
-      width: 100%;
-    }}
-    .meta-table td {{
-      background-color: #ffffff;
-      border-bottom: 1px solid #e2e8f0;
-      padding: 7px 4px;
-      width: 50%;
-    }}
-    .meta-table label {{
-      color: #64748b;
-      display: block;
-      font-size: 8px;
-      text-transform: uppercase;
-    }}
-    .meta-table strong {{
-      color: #0f172a;
-      display: block;
-      font-size: 10px;
-      margin-top: 2px;
-    }}
-    .finding {{
-      background-color: #ffffff;
-      border: 1px solid #cbd5e1;
-      margin: 0;
-      padding: 10px;
-      page-break-inside: avoid;
-    }}
-    .finding-header {{
-      border-collapse: collapse;
-      margin-bottom: 8px;
-      width: 100%;
-    }}
-    .finding-header td {{
-      vertical-align: top;
-    }}
-    .severity {{
-      color: #ffffff;
-      font-size: 8px;
-      font-weight: bold;
-      padding: 5px 7px;
-      text-align: center;
-      width: 54px;
-    }}
-    .severity-icon {{
-      height: 10px;
-      width: 10px;
-    }}
+    @page {{ size: a4 portrait; margin: 18mm 14mm 16mm 14mm; }}
+    html {{ background-color: #ffffff; }}
+    body {{ background-color: #ffffff; color: #0f172a; font-family: Helvetica, Arial, sans-serif; font-size: 10px; line-height: 1.45; margin: 0; }}
+    table, tr, td, h1, h2, h3, h4, p, ul, li {{ background-color: #ffffff; }}
+    .page {{ background-color: #ffffff; padding: 8px; }}
+    .brand-table {{ border-collapse: collapse; margin-bottom: 8px; width: 100%; }}
+    .brand-icon {{ width: 34px; }}
+    .brand-icon img {{ height: 30px; width: 30px; }}
+    h1 {{ color: #0f172a; font-size: 20px; line-height: 1.18; margin: 0; padding: 4px 0 8px; word-wrap: break-word; }}
+    h2 {{ background-color: #f8fafc; border-bottom: 1px solid #cbd5e1; color: #0f172a; font-size: 15px; margin: 0; padding: 12px 0 4px; }}
+    h3 {{ color: #0f172a; font-size: 12px; margin: 0 0 3px; }}
+    h4 {{ color: #0f172a; font-size: 10px; margin: 10px 0 4px; }}
+    p {{ margin: 0; padding: 0 0 7px; }}
+    ul {{ margin: 0; padding: 0 0 8px 16px; }}
+    pre {{ background: #f8fafc; border: 1px solid #cbd5e1; font-family: Courier, monospace; font-size: 8px; line-height: 1.35; margin: 0; padding: 8px; white-space: pre-wrap; }}
+    .eyebrow {{ color: #2563eb; font-size: 9px; font-weight: bold; letter-spacing: 1px; text-transform: uppercase; }}
+    .muted {{ color: #475569; }}
+    .stats {{ border-collapse: collapse; margin: 8px 0; width: 100%; }}
+    .stats td {{ background-color: #ffffff; border: 1px solid #cbd5e1; padding: 8px; width: 25%; }}
+    .stats label {{ color: #64748b; display: block; font-size: 8px; text-transform: uppercase; }}
+    .stats strong {{ color: #0f172a; display: block; font-size: 18px; margin-top: 4px; }}
+    .stat-icon {{ height: 18px; width: 18px; }}
+    .meta-table {{ border-collapse: collapse; margin: 8px 0 0; width: 100%; }}
+    .meta-table td {{ background-color: #ffffff; border-bottom: 1px solid #e2e8f0; padding: 7px 4px; width: 50%; }}
+    .meta-table label {{ color: #64748b; display: block; font-size: 8px; text-transform: uppercase; }}
+    .meta-table strong {{ color: #0f172a; display: block; font-size: 10px; margin-top: 2px; }}
+    .finding {{ background-color: #ffffff; border: 1px solid #cbd5e1; margin: 0; padding: 10px; page-break-inside: avoid; }}
+    .finding-header {{ border-collapse: collapse; margin-bottom: 8px; width: 100%; }}
+    .finding-header td {{ vertical-align: top; }}
+    .severity {{ color: #ffffff; font-size: 8px; font-weight: bold; padding: 5px 7px; text-align: center; width: 54px; }}
+    .severity-icon {{ height: 10px; width: 10px; }}
     .severity-critical {{ background: #991b1b; }}
     .severity-high {{ background: #dc2626; }}
     .severity-medium {{ background: #d97706; }}
     .severity-low {{ background: #2563eb; }}
     .severity-info {{ background: #475569; }}
-    .remediation {{
-      background: #f0fdf4;
-      border-left: 3px solid #22c55e;
-      margin-top: 8px;
-      padding: 8px;
-    }}
-    .remediation h4,
-    .remediation p {{
-      color: #166534;
-    }}
+    .remediation {{ background: #f0fdf4; border-left: 3px solid #22c55e; margin-top: 8px; padding: 8px; }}
+    .remediation h4, .remediation p {{ color: #166534; }}
   </style>
 </head>
 <body bgcolor="#ffffff" style="background-color: #ffffff;">
@@ -640,7 +438,45 @@ def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any])
 </body>
 </html>"""
 
-@classmethod
+    @classmethod
+    def generate_pdf_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> bytes:
+        """Generate the PDF from the same HTML used by the browser report."""
+        html_report = cls._generate_pdf_html_report(task, result)
+        output = io.BytesIO()
+        pdf = pisa.CreatePDF(src=html_report, dest=output, encoding="utf-8")
+        if pdf.err:
+            raise RuntimeError("Failed to render SecuScan HTML report as PDF")
+        return output.getvalue()
+
+    @classmethod
+    def _build_web_finding_markup(cls, finding: Dict[str, Any], target: str, critical_icon: str) -> str:
+        """Helper to generate HTML markup for a single web finding."""
+        evidence_html = f"<section><h4>Evidence</h4><pre>{cls._escape_html(finding['proof'])}</pre></section>" if finding['proof'] else ""
+        remediation_html = f"<section class='remediation'><h4>Recommended action</h4><p>{cls._escape_html(finding['remediation'])}</p></section>" if finding['remediation'] else ""
+        cve_html = f"<section class='meta'><span>CVE: {cls._escape_html(finding['cve'])}</span></section>" if finding['cve'] else ""
+
+        return f"""
+        <article class="finding-card">
+          <div class="finding-top">
+            <span class="severity severity-{finding['severity'].lower()}"><img class="mini-icon" src="{critical_icon}" alt=""> {cls._escape_html(finding['severity'])}</span>
+            <div class="finding-heading">
+              <h3>{cls._escape_html(finding['title'])}</h3>
+              <p>{cls._escape_html(finding['category'])} | {cls._escape_html_with_breaks(finding['target'] or target)}</p>
+            </div>
+          </div>
+          <div class="finding-body">
+            <section>
+              <h4>Description</h4>
+              <p>{cls._escape_html(finding['description'])}</p>
+            </section>
+            {evidence_html}
+            {remediation_html}
+            {cve_html}
+          </div>
+        </article>
+        """
+
+    @classmethod
     def generate_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> str:
         """Generate a modern HTML report suitable for direct download."""
         payload = cls._build_report_payload(task, result)
@@ -666,13 +502,14 @@ def generate_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> s
             cls._build_web_finding_markup(finding, payload['target'], icons['critical'])
             for finding in payload["findings"]
         )
+
         if not finding_markup:
             finding_markup = """
             <article class="finding-card empty-state">
-                <div class="finding-body">
-                    <h3>No structured findings were available</h3>
-                    <p>This report finished without parsed findings. Review the raw task output in SecuScan for more detail.</p>
-                </div>
+              <div class="finding-body">
+                <h3>No structured findings were available</h3>
+                <p>This report finished without parsed findings. Review the raw task output in SecuScan for more detail.</p>
+              </div>
             </article>
             """
 
@@ -684,243 +521,64 @@ def generate_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> s
   <title>SecuScan Report - {cls._escape_html(payload['target'])}</title>
   <style>
     :root {{
-      --ink: #0f172a;
-      --muted: #475569;
-      --subtle: #64748b;
-      --panel: #ffffff;
-      --panel-alt: #f8fafc;
-      --line: #e2e8f0;
-      --bg: linear-gradient(180deg, #e0f2fe 0%, #f8fafc 22%, #f8fafc 100%);
-      --critical: #991b1b;
-      --high: #dc2626;
-      --medium: #d97706;
-      --low: #2563eb;
-      --info: #475569;
-      --success-bg: #f0fdf4;
-      --success-ink: #166534;
+      --ink: #0f172a; --muted: #475569; --subtle: #64748b; --panel: #ffffff;
+      --panel-alt: #f8fafc; --line: #e2e8f0; --bg: linear-gradient(180deg, #e0f2fe 0%, #f8fafc 22%, #f8fafc 100%);
+      --critical: #991b1b; --high: #dc2626; --medium: #d97706; --low: #2563eb; --info: #475569;
+      --success-bg: #f0fdf4; --success-ink: #166534;
     }}
     * {{ box-sizing: border-box; }}
-    body {{
-      margin: 0;
-      font-family: "Segoe UI", Arial, sans-serif;
-      background: var(--bg);
-      color: var(--ink);
-      padding: 36px 18px 80px;
-      line-height: 1.6;
-    }}
+    body {{ margin: 0; font-family: "Segoe UI", Arial, sans-serif; background: var(--bg); color: var(--ink); padding: 36px 18px 80px; line-height: 1.6; }}
     .shell {{ max-width: 1100px; margin: 0 auto; }}
-    .hero {{
-      background: linear-gradient(135deg, #0f172a 0%, #1d4ed8 58%, #0f766e 100%);
-      color: white;
-      border-radius: 24px;
-      padding: 32px;
-      box-shadow: 0 24px 60px rgba(15, 23, 42, 0.18);
-    }}
-    .hero-title {{
-      align-items: flex-start;
-      display: flex;
-      gap: 16px;
-    }}
-    .hero-icon {{
-      border: 1px solid rgba(255, 255, 255, 0.28);
-      border-radius: 16px;
-      height: 56px;
-      padding: 8px;
-      width: 56px;
-    }}
-    .hero-icon img, .card-icon img, .section-icon, .mini-icon {{
-      display: block;
-    }}
-    .card-icon img {{
-      height: 26px;
-      width: 26px;
-    }}
-    .section-icon {{
-      display: inline-block;
-      height: 22px;
-      margin-right: 8px;
-      vertical-align: middle;
-      width: 22px;
-    }}
-    .mini-icon {{
-      display: inline-block;
-      height: 14px;
-      margin-right: 4px;
-      vertical-align: middle;
-      width: 14px;
-    }}
-    .eyebrow {{
-      letter-spacing: 0.16em;
-      text-transform: uppercase;
-      font-size: 12px;
-      opacity: 0.85;
-      margin-bottom: 10px;
-    }}
+    .hero {{ background: linear-gradient(135deg, #0f172a 0%, #1d4ed8 58%, #0f766e 100%); color: white; border-radius: 24px; padding: 32px; box-shadow: 0 24px 60px rgba(15, 23, 42, 0.18); }}
+    .hero-title {{ align-items: flex-start; display: flex; gap: 16px; }}
+    .hero-icon {{ border: 1px solid rgba(255, 255, 255, 0.28); border-radius: 16px; height: 56px; padding: 8px; width: 56px; }}
+    .hero-icon img, .card-icon img, .section-icon, .mini-icon {{ display: block; }}
+    .card-icon img {{ height: 26px; width: 26px; }}
+    .section-icon {{ display: inline-block; height: 22px; margin-right: 8px; vertical-align: middle; width: 22px; }}
+    .mini-icon {{ display: inline-block; height: 14px; margin-right: 4px; vertical-align: middle; width: 14px; }}
+    .eyebrow {{ letter-spacing: 0.16em; text-transform: uppercase; font-size: 12px; opacity: 0.85; margin-bottom: 10px; }}
     h1 {{ margin: 0; font-size: clamp(2rem, 5vw, 3.5rem); line-height: 1.05; }}
     .hero p {{ max-width: 760px; color: rgba(255, 255, 255, 0.86); }}
-    .meta-grid, .stat-grid {{
-      display: grid;
-      gap: 16px;
-      margin-top: 24px;
-    }}
+    .meta-grid, .stat-grid {{ display: grid; gap: 16px; margin-top: 24px; }}
     .meta-grid {{ grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); }}
     .stat-grid {{ grid-template-columns: repeat(auto-fit, minmax(150px, 1fr)); margin-top: 28px; }}
-    .meta-card, .stat-card, .finding-card {{
-      background: var(--panel);
-      border: 1px solid var(--line);
-      border-radius: 20px;
-      box-shadow: 0 14px 40px rgba(15, 23, 42, 0.06);
-    }}
+    .meta-card, .stat-card, .finding-card {{ background: var(--panel); border: 1px solid var(--line); border-radius: 20px; box-shadow: 0 14px 40px rgba(15, 23, 42, 0.06); }}
     .meta-card, .stat-card {{ padding: 18px 20px; }}
-    .meta-card label, .stat-card label {{
-      display: block;
-      font-size: 11px;
-      text-transform: uppercase;
-      letter-spacing: 0.12em;
-      color: var(--subtle);
-      margin-bottom: 8px;
-      font-weight: 700;
-    }}
-    .meta-card strong, .stat-card strong {{
-      font-size: 1.35rem;
-      color: var(--ink);
-    }}
-    .stat-card {{
-      position: relative;
-      overflow: hidden;
-    }}
-    .stat-card-header {{
-      align-items: center;
-      display: flex;
-      justify-content: space-between;
-      margin-bottom: 8px;
-    }}
-    .stat-card::before {{
-      content: "";
-      position: absolute;
-      inset: 0 auto 0 0;
-      width: 6px;
-      background: var(--accent, var(--info));
-    }}
-    .section {{
-      margin-top: 28px;
-      background: rgba(255, 255, 255, 0.58);
-      backdrop-filter: blur(12px);
-      border: 1px solid rgba(226, 232, 240, 0.9);
-      border-radius: 24px;
-      padding: 26px;
-    }}
-    .section h2 {{
-      margin: 0 0 10px;
-      font-size: 1.6rem;
-    }}
-    .section-copy {{
-      margin: 0 0 18px;
-      color: var(--muted);
-    }}
-    .summary-list {{
-      margin: 0;
-      padding-left: 20px;
-      color: var(--muted);
-    }}
-    .findings {{
-      display: grid;
-      gap: 18px;
-    }}
-    .finding-card {{
-      overflow: hidden;
-    }}
-    .finding-top {{
-      display: flex;
-      gap: 16px;
-      align-items: flex-start;
-      padding: 20px 22px 14px;
-      border-bottom: 1px solid var(--line);
-      background: var(--panel-alt);
-    }}
-    .finding-heading h3 {{
-      margin: 0 0 4px;
-      font-size: 1.2rem;
-    }}
-    .finding-heading p {{
-      margin: 0;
-      color: var(--subtle);
-      font-size: 0.95rem;
-    }}
-    .severity {{
-      display: inline-flex;
-      align-items: center;
-      justify-content: center;
-      min-width: 90px;
-      padding: 7px 12px;
-      border-radius: 999px;
-      color: white;
-      font-size: 12px;
-      font-weight: 800;
-      letter-spacing: 0.08em;
-      text-transform: uppercase;
-    }}
+    .meta-card label, .stat-card label {{ display: block; font-size: 11px; text-transform: uppercase; letter-spacing: 0.12em; color: var(--subtle); margin-bottom: 8px; font-weight: 700; }}
+    .meta-card strong, .stat-card strong {{ font-size: 1.35rem; color: var(--ink); }}
+    .stat-card {{ position: relative; overflow: hidden; }}
+    .stat-card-header {{ align-items: center; display: flex; justify-content: space-between; margin-bottom: 8px; }}
+    .stat-card::before {{ content: ""; position: absolute; inset: 0 auto 0 0; width: 6px; background: var(--accent, var(--info)); }}
+    .section {{ margin-top: 28px; background: rgba(255, 255, 255, 0.58); backdrop-filter: blur(12px); border: 1px solid rgba(226, 232, 240, 0.9); border-radius: 24px; padding: 26px; }}
+    .section h2 {{ margin: 0 0 10px; font-size: 1.6rem; }}
+    .section-copy {{ margin: 0 0 18px; color: var(--muted); }}
+    .summary-list {{ margin: 0; padding-left: 20px; color: var(--muted); }}
+    .findings {{ display: grid; gap: 18px; }}
+    .finding-card {{ overflow: hidden; }}
+    .finding-top {{ display: flex; gap: 16px; align-items: flex-start; padding: 20px 22px 14px; border-bottom: 1px solid var(--line); background: var(--panel-alt); }}
+    .finding-heading h3 {{ margin: 0 0 4px; font-size: 1.2rem; }}
+    .finding-heading p {{ margin: 0; color: var(--subtle); font-size: 0.95rem; }}
+    .severity {{ display: inline-flex; align-items: center; justify-content: center; min-width: 90px; padding: 7px 12px; border-radius: 999px; color: white; font-size: 12px; font-weight: 800; letter-spacing: 0.08em; text-transform: uppercase; }}
     .severity-critical {{ background: var(--critical); }}
     .severity-high {{ background: var(--high); }}
     .severity-medium {{ background: var(--medium); }}
     .severity-low {{ background: var(--low); }}
     .severity-info {{ background: var(--info); }}
-    .finding-body {{
-      padding: 22px;
-      display: grid;
-      gap: 16px;
-    }}
-    .finding-body h4 {{
-      margin: 0 0 6px;
-      font-size: 0.95rem;
-    }}
-    .finding-body p, .finding-body pre {{
-      margin: 0;
-      color: var(--muted);
-    }}
-    .finding-body pre {{
-      white-space: pre-wrap;
-      word-break: break-word;
-      background: #0f172a;
-      color: #dbeafe;
-      padding: 16px;
-      border-radius: 14px;
-      font-size: 0.9rem;
-    }}
-    .remediation {{
-      background: var(--success-bg);
-      border-left: 4px solid #22c55e;
-      padding: 16px;
-      border-radius: 14px;
-    }}
+    .finding-body {{ padding: 22px; display: grid; gap: 16px; }}
+    .finding-body h4 {{ margin: 0 0 6px; font-size: 0.95rem; }}
+    .finding-body p, .finding-body pre {{ margin: 0; color: var(--muted); }}
+    .finding-body pre {{ white-space: pre-wrap; word-break: break-word; background: #0f172a; color: #dbeafe; padding: 16px; border-radius: 14px; font-size: 0.9rem; }}
+    .remediation {{ background: var(--success-bg); border-left: 4px solid #22c55e; padding: 16px; border-radius: 14px; }}
     .remediation p, .remediation h4 {{ color: var(--success-ink); }}
     .empty-state {{ text-align: center; }}
-    @page {{
-      size: A4;
-      margin: 14mm 12mm 16mm;
-    }}
+    @page {{ size: A4; margin: 14mm 12mm 16mm; }}
     @media print {{
-      body {{
-        background: white;
-        padding: 0;
-        print-color-adjust: exact;
-      }}
+      body {{ background: white; padding: 0; print-color-adjust: exact; }}
       .shell {{ max-width: none; }}
-      .hero {{
-        box-shadow: none;
-        break-inside: avoid;
-      }}
-      .meta-card,
-      .stat-card,
-      .finding-card {{
-        break-inside: avoid;
-      }}
-      .finding-top {{
-        break-after: avoid;
-      }}
-      .finding-body section {{
-        break-inside: avoid;
-      }}
+      .hero {{ box-shadow: none; break-inside: avoid; }}
+      .meta-card, .stat-card, .finding-card {{ break-inside: avoid; }}
+      .finding-top {{ break-after: avoid; }}
+      .finding-body section {{ break-inside: avoid; }}
       .section, .meta-card, .stat-card, .finding-card {{ box-shadow: none; }}
     }}
   </style>
@@ -971,54 +629,6 @@ def generate_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> s
     </section>
   </div>
 </body>
-</html>"""  </style>
-</head>
-<body>
-  <div class="shell">
-    <section class="hero">
-      <div class="hero-title">
-        <div class="hero-icon"><img src="{shield_icon}" alt=""></div>
-        <div>
-          <div class="eyebrow">SecuScan security export</div>
-          <h1>{target_html}</h1>
-          <p>This report packages the most important findings, evidence, and remediation guidance from the latest assessment run into a cleaner analyst-friendly format.</p>
-        </div>
-      </div>
-    </section>
-
-    <div class="meta-grid">
-      <div class="meta-card"><div class="stat-card-header"><label>Tool</label><span class="card-icon"><img src="{target_icon}" alt=""></span></div><strong>{cls._escape_html(payload['tool_name'])}</strong></div>
-      <div class="meta-card"><div class="stat-card-header"><label>Status</label><span class="card-icon"><img src="{shield_icon}" alt=""></span></div><strong>{cls._escape_html(payload['status'].upper())}</strong></div>
-      <div class="meta-card"><div class="stat-card-header"><label>Task Started</label><span class="card-icon"><img src="{clock_icon}" alt=""></span></div><strong>{cls._escape_html(cls._format_timestamp(payload['created_at']))}</strong></div>
-      <div class="meta-card"><div class="stat-card-header"><label>Exported</label><span class="card-icon"><img src="{rows_icon}" alt=""></span></div><strong>{cls._escape_html(payload['generated_at'])}</strong></div>
-    </div>
-
-    <div class="stat-grid">
-      <div class="stat-card" style="--accent: #0f172a;"><div class="stat-card-header"><label>Total findings</label><span class="card-icon"><img src="{findings_icon}" alt=""></span></div><strong>{len(findings)}</strong></div>
-      <div class="stat-card" style="--accent: #991b1b;"><div class="stat-card-header"><label>Critical</label><span class="card-icon"><img src="{critical_icon}" alt=""></span></div><strong>{severity_counts['CRITICAL']}</strong></div>
-      <div class="stat-card" style="--accent: #dc2626;"><div class="stat-card-header"><label>High</label><span class="card-icon"><img src="{target_icon}" alt=""></span></div><strong>{severity_counts['HIGH']}</strong></div>
-      <div class="stat-card" style="--accent: #2563eb;"><div class="stat-card-header"><label>Structured rows</label><span class="card-icon"><img src="{rows_icon}" alt=""></span></div><strong>{len(payload['rows'])}</strong></div>
-    </div>
-
-    <section class="section">
-      <h2><img class="section-icon" src="{shield_icon}" alt="">Executive Overview</h2>
-      <p class="section-copy">Key takeaways generated from the parsed assessment data.</p>
-      <ul class="summary-list">{summary_markup}</ul>
-    </section>
-
-    <section class="section">
-      <h2><img class="section-icon" src="{target_icon}" alt="">Scan Parameters</h2>
-      <p class="section-copy">Runtime configuration captured for this task, including the selected Nikto flags and SecuScan preset context.</p>
-      <div class="meta-grid">{parameter_markup}</div>
-    </section>
-
-    <section class="section">
-      <h2><img class="section-icon" src="{findings_icon}" alt="">Technical Findings</h2>
-      <p class="section-copy">Detailed finding cards with severity context, supporting evidence, and recommended next actions.</p>
-      <div class="findings">{finding_markup}</div>
-    </section>
-  </div>
-</body>
 </html>"""
 
     @classmethod
@@ -1028,17 +638,7 @@ def generate_csv_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> st
         output = io.StringIO()
         writer = csv.writer(output)
         writer.writerow(
-            [
-                "Severity",
-                "Title",
-                "Category",
-                "Target",
-                "CVSS",
-                "CVE",
-                "Description",
-                "Evidence",
-                "Remediation",
-            ]
+            ["Severity", "Title", "Category", "Target", "CVSS", "CVE", "Description", "Evidence", "Remediation"]
         )
         for finding in payload["findings"]:
             writer.writerow(
@@ -1056,16 +656,57 @@ def generate_csv_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> st
             )
         return output.getvalue()
 
-@classmethod
+    @classmethod
+    def _extract_sarif_rule_id(cls, finding: Dict[str, Any]) -> str:
+        """Extract a stable, deterministic rule ID for SARIF."""
+        raw_rule_id = None
+
+        cve = finding.get("cve")
+        if cve and isinstance(cve, str) and cve.strip():
+            raw_rule_id = cve.strip()
+
+        if not raw_rule_id:
+            cwe = finding.get("cwe") or finding.get("metadata", {}).get("cwe")
+            if cwe and isinstance(cwe, str) and cwe.strip():
+                raw_rule_id = cwe.strip()
+
+        if not raw_rule_id:
+            for key in ["check_id", "plugin_rule_id", "rule_id", "id"]:
+                val = finding.get(key) or finding.get("metadata", {}).get(key)
+                if val and isinstance(val, str) and val.strip():
+                    raw_rule_id = val.strip()
+                    break
+
+        if not raw_rule_id:
+            raw_rule_id = finding.get("title") or "security-finding"
+
+        rule_id = re.sub(r"[^a-zA-Z0-9\-]", "-", raw_rule_id).lower()
+        rule_id = re.sub(r"-+", "-", rule_id).strip("-")
+        return rule_id if rule_id else "security-finding"
+
+    @classmethod
+    def _extract_sarif_locations(cls, finding: Dict[str, Any], default_target: str) -> List[Dict[str, Any]]:
+        """Extract location data for a SARIF finding."""
+        target = finding.get("target") or default_target
+        if not target:
+            return []
+
+        is_url = "://" in target or target.startswith(("http://", "https://"))
+        location = {"physicalLocation": {"artifactLocation": {"uri": target}}}
+
+        if not is_url and ":" in target:
+            parts = target.split(":")
+            if parts[-1].isdigit():
+                location["physicalLocation"]["artifactLocation"]["uri"] = ":".join(parts[:-1])
+                location["physicalLocation"]["region"] = {"startLine": int(parts[-1])}
+
+        return [location]
+
+    @classmethod
     def generate_sarif_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> str:
         """Generate a SARIF v2.1.0 report for GitHub Code Scanning."""
         payload = cls._build_report_payload(task, result)
 
-        severity_map = {
-            "CRITICAL": "error", "HIGH": "error", "MEDIUM": "warning",
-            "LOW": "note", "INFO": "note"
-        }
-
         rules = []
         rule_indices = {}
         results = []
@@ -1084,42 +725,31 @@ def generate_sarif_report(cls, task: Dict[str, Any], result: Dict[str, Any]) ->
                     "properties": {"precision": "high"}
                 })
 
-            target = finding.get("target") or payload["target"]
-            locations = []
-
-            if target:
-                is_url = "://" in target or target.startswith(("http://", "https://"))
-                location = {"physicalLocation": {"artifactLocation": {"uri": target}}}
-
-                if not is_url and ":" in target:
-                    parts = target.split(":")
-                    if parts[-1].isdigit():
-                        location["physicalLocation"]["artifactLocation"]["uri"] = ":".join(parts[:-1])
-                        location["physicalLocation"]["region"] = {"startLine": int(parts[-1])}
-                locations.append(location)
-
-            results.append({
+            sarif_result = {
                 "ruleId": rule_id,
                 "ruleIndex": rule_indices[rule_id],
                 "message": {"text": finding.get("description", "Security finding detected")},
-                "level": severity_map.get(finding["severity"], "note"),
-                "locations": locations
-            })
+                "level": cls.SARIF_SEVERITY_MAP.get(finding["severity"], "note"),
+                "locations": cls._extract_sarif_locations(finding, payload["target"])
+            }
+            results.append(sarif_result)
 
         sarif_output = {
             "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
             "version": "2.1.0",
-            "runs": [{
-                "tool": {
-                    "driver": {
-                        "name": payload["tool_name"],
-                        "version": "1.0.0",
-                        "informationUri": "https://github.com/utksh1/SecuScan",
-                        "rules": rules
-                    }
-                },
-                "results": results
-            }]
+            "runs": [
+                {
+                    "tool": {
+                        "driver": {
+                            "name": payload["tool_name"],
+                            "version": "1.0.0",
+                            "informationUri": "https://github.com/utksh1/SecuScan",
+                            "rules": rules
+                        }
+                    },
+                    "results": results
+                }
+            ]
         }
 
         return json.dumps(sarif_output, indent=2)

From 790ec592f09a36f58fa3a58caa44f87b94948908 Mon Sep 17 00:00:00 2001
From: Rohit Kattimani <82595800+RohitKattimani@users.noreply.github.com>
Date: Fri, 29 May 2026 22:36:55 +0530
Subject: [PATCH 4/4] Update reporting.py

---
 backend/secuscan/reporting.py | 706 +++++++++++++++++++++++++---------
 1 file changed, 533 insertions(+), 173 deletions(-)

diff --git a/backend/secuscan/reporting.py b/backend/secuscan/reporting.py
index 06b6a0a1..084cf827 100644
--- a/backend/secuscan/reporting.py
+++ b/backend/secuscan/reporting.py
@@ -283,31 +283,30 @@ def _format_timestamp(value: str) -> str:
                 continue
         return value
 
-@classmethod
+    @classmethod
     def _build_pdf_finding_markup(cls, finding: Dict[str, Any], target: str, critical_icon: str) -> str:
-        """Helper to generate HTML markup for a single PDF finding."""
-        evidence_html = f"<h4>Evidence</h4><pre>{cls._escape_html(finding['proof'])}</pre>" if finding['proof'] else ""
-        remediation_html = f"<div class='remediation'><h4>Recommended action</h4><p>{cls._escape_html(finding['remediation'])}</p></div>" if finding['remediation'] else ""
-        cve_html = f"<p class='meta'>CVE: {cls._escape_html(finding['cve'])}</p>" if finding['cve'] else ""
-        
+        evidence_html = f"<h4>Evidence</h4><pre>{cls._escape_html(finding['proof'])}</pre>" if finding.get("proof") else ""
+        remediation_html = f"<div class='remediation'><h4>Recommended action</h4><p>{cls._escape_html(finding['remediation'])}</p></div>" if finding.get("remediation") else ""
+        cve_html = f"<p class='meta'>CVE: {cls._escape_html(finding['cve'])}</p>" if finding.get("cve") else ""
+
         return f"""
-        <div class="finding">
-          <table class="finding-header">
-            <tr>
-              <td class="severity severity-{finding['severity'].lower()}"><img class="severity-icon" src="{critical_icon}" alt=""> {cls._escape_html(finding['severity'])}</td>
-              <td>
-                <h3>{cls._escape_html(finding['title'])}</h3>
-                <p>{cls._escape_html(finding['category'])} | {cls._escape_html_with_breaks(finding['target'] or target, " ")}</p>
-              </td>
-            </tr>
-          </table>
-          <h4>Description</h4>
-          <p>{cls._escape_html(finding['description'])}</p>
-          {evidence_html}
-          {remediation_html}
-          {cve_html}
-        </div>
-        """
+            <div class="finding">
+              <table class="finding-header">
+                <tr>
+                  <td class="severity severity-{finding['severity'].lower()}"><img class="severity-icon" src="{critical_icon}" alt=""> {cls._escape_html(finding['severity'])}</td>
+                  <td>
+                    <h3>{cls._escape_html(finding['title'])}</h3>
+                    <p>{cls._escape_html(finding['category'])} | {cls._escape_html_with_breaks(finding['target'] or target, " ")}</p>
+                  </td>
+                </tr>
+              </table>
+              <h4>Description</h4>
+              <p>{cls._escape_html(finding['description'])}</p>
+              {evidence_html}
+              {remediation_html}
+              {cve_html}
+            </div>
+            """
 
     @classmethod
     def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> str:
@@ -315,24 +314,25 @@ def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any])
         payload = cls._build_report_payload(task, result)
         severity_counts = payload["severity_counts"]
 
-        icons = {
-            "shield": cls._icon_data_uri("shield", "1e3a5f"),
-            "target": cls._icon_data_uri("target", "2563eb"),
-            "findings": cls._icon_data_uri("findings", "0f172a"),
-            "critical": cls._icon_data_uri("critical", "991b1b"),
-            "rows": cls._icon_data_uri("rows", "2563eb"),
-            "clock": cls._icon_data_uri("clock", "475569")
-        }
+        shield_icon = cls._icon_data_uri("shield", "1e3a5f")
+        target_icon = cls._icon_data_uri("target", "2563eb")
+        findings_icon = cls._icon_data_uri("findings", "0f172a")
+        critical_icon = cls._icon_data_uri("critical", "991b1b")
+        rows_icon = cls._icon_data_uri("rows", "2563eb")
+        clock_icon = cls._icon_data_uri("clock", "475569")
 
         target_html = cls._escape_html_with_breaks(payload["target"], " ")
-        summary_markup = "".join(f"<li>{cls._escape_html(line)}</li>" for line in payload["summary"])
+
+        summary_markup = "".join(
+            f"<li>{cls._escape_html(line)}</li>" for line in payload["summary"]
+        )
         parameter_markup = "".join(
             f"<tr><td><label>{cls._escape_html(item['label'])}</label><strong>{cls._escape_html(item['value'])}</strong></td></tr>"
             for item in payload["scan_parameters"]
         )
 
         finding_markup = "".join(
-            cls._build_pdf_finding_markup(finding, payload['target'], icons['critical'])
+            cls._build_pdf_finding_markup(finding, payload["target"], critical_icon)
             for finding in payload["findings"]
         )
 
@@ -350,51 +350,202 @@ def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any])
   <meta charset="UTF-8">
   <title>SecuScan Report - {cls._escape_html(payload['target'])}</title>
   <style>
-    @page {{ size: a4 portrait; margin: 18mm 14mm 16mm 14mm; }}
-    html {{ background-color: #ffffff; }}
-    body {{ background-color: #ffffff; color: #0f172a; font-family: Helvetica, Arial, sans-serif; font-size: 10px; line-height: 1.45; margin: 0; }}
-    table, tr, td, h1, h2, h3, h4, p, ul, li {{ background-color: #ffffff; }}
-    .page {{ background-color: #ffffff; padding: 8px; }}
-    .brand-table {{ border-collapse: collapse; margin-bottom: 8px; width: 100%; }}
-    .brand-icon {{ width: 34px; }}
-    .brand-icon img {{ height: 30px; width: 30px; }}
-    h1 {{ color: #0f172a; font-size: 20px; line-height: 1.18; margin: 0; padding: 4px 0 8px; word-wrap: break-word; }}
-    h2 {{ background-color: #f8fafc; border-bottom: 1px solid #cbd5e1; color: #0f172a; font-size: 15px; margin: 0; padding: 12px 0 4px; }}
-    h3 {{ color: #0f172a; font-size: 12px; margin: 0 0 3px; }}
-    h4 {{ color: #0f172a; font-size: 10px; margin: 10px 0 4px; }}
-    p {{ margin: 0; padding: 0 0 7px; }}
-    ul {{ margin: 0; padding: 0 0 8px 16px; }}
-    pre {{ background: #f8fafc; border: 1px solid #cbd5e1; font-family: Courier, monospace; font-size: 8px; line-height: 1.35; margin: 0; padding: 8px; white-space: pre-wrap; }}
-    .eyebrow {{ color: #2563eb; font-size: 9px; font-weight: bold; letter-spacing: 1px; text-transform: uppercase; }}
-    .muted {{ color: #475569; }}
-    .stats {{ border-collapse: collapse; margin: 8px 0; width: 100%; }}
-    .stats td {{ background-color: #ffffff; border: 1px solid #cbd5e1; padding: 8px; width: 25%; }}
-    .stats label {{ color: #64748b; display: block; font-size: 8px; text-transform: uppercase; }}
-    .stats strong {{ color: #0f172a; display: block; font-size: 18px; margin-top: 4px; }}
-    .stat-icon {{ height: 18px; width: 18px; }}
-    .meta-table {{ border-collapse: collapse; margin: 8px 0 0; width: 100%; }}
-    .meta-table td {{ background-color: #ffffff; border-bottom: 1px solid #e2e8f0; padding: 7px 4px; width: 50%; }}
-    .meta-table label {{ color: #64748b; display: block; font-size: 8px; text-transform: uppercase; }}
-    .meta-table strong {{ color: #0f172a; display: block; font-size: 10px; margin-top: 2px; }}
-    .finding {{ background-color: #ffffff; border: 1px solid #cbd5e1; margin: 0; padding: 10px; page-break-inside: avoid; }}
-    .finding-header {{ border-collapse: collapse; margin-bottom: 8px; width: 100%; }}
-    .finding-header td {{ vertical-align: top; }}
-    .severity {{ color: #ffffff; font-size: 8px; font-weight: bold; padding: 5px 7px; text-align: center; width: 54px; }}
-    .severity-icon {{ height: 10px; width: 10px; }}
+    @page {{
+      size: a4 portrait;
+      margin: 18mm 14mm 16mm 14mm;
+    }}
+    html {{
+      background-color: #ffffff;
+    }}
+    body {{
+      background-color: #ffffff;
+      color: #0f172a;
+      font-family: Helvetica, Arial, sans-serif;
+      font-size: 10px;
+      line-height: 1.45;
+      margin: 0;
+    }}
+    table,
+    tr,
+    td,
+    h1,
+    h2,
+    h3,
+    h4,
+    p,
+    ul,
+    li {{
+      background-color: #ffffff;
+    }}
+    .page {{
+      background-color: #ffffff;
+      padding: 8px;
+    }}
+    .brand-table {{
+      border-collapse: collapse;
+      margin-bottom: 8px;
+      width: 100%;
+    }}
+    .brand-icon {{
+      width: 34px;
+    }}
+    .brand-icon img {{
+      height: 30px;
+      width: 30px;
+    }}
+    h1 {{
+      color: #0f172a;
+      font-size: 20px;
+      line-height: 1.18;
+      margin: 0;
+      padding: 4px 0 8px;
+      word-wrap: break-word;
+    }}
+    h2 {{
+      background-color: #f8fafc;
+      border-bottom: 1px solid #cbd5e1;
+      color: #0f172a;
+      font-size: 15px;
+      margin: 0;
+      padding: 12px 0 4px;
+    }}
+    h3 {{
+      color: #0f172a;
+      font-size: 12px;
+      margin: 0 0 3px;
+    }}
+    h4 {{
+      color: #0f172a;
+      font-size: 10px;
+      margin: 10px 0 4px;
+    }}
+    p {{
+      margin: 0;
+      padding: 0 0 7px;
+    }}
+    ul {{
+      margin: 0;
+      padding: 0 0 8px 16px;
+    }}
+    pre {{
+      background: #f8fafc;
+      border: 1px solid #cbd5e1;
+      font-family: Courier, monospace;
+      font-size: 8px;
+      line-height: 1.35;
+      margin: 0;
+      padding: 8px;
+      white-space: pre-wrap;
+    }}
+    .eyebrow {{
+      color: #2563eb;
+      font-size: 9px;
+      font-weight: bold;
+      letter-spacing: 1px;
+      text-transform: uppercase;
+    }}
+    .muted {{
+      color: #475569;
+    }}
+    .stats {{
+      border-collapse: collapse;
+      margin: 8px 0;
+      width: 100%;
+    }}
+    .stats td {{
+      background-color: #ffffff;
+      border: 1px solid #cbd5e1;
+      padding: 8px;
+      width: 25%;
+    }}
+    .stats label {{
+      color: #64748b;
+      display: block;
+      font-size: 8px;
+      text-transform: uppercase;
+    }}
+    .stats strong {{
+      color: #0f172a;
+      display: block;
+      font-size: 18px;
+      margin-top: 4px;
+    }}
+    .stat-icon {{
+      height: 18px;
+      width: 18px;
+    }}
+    .meta-table {{
+      border-collapse: collapse;
+      margin: 8px 0 0;
+      width: 100%;
+    }}
+    .meta-table td {{
+      background-color: #ffffff;
+      border-bottom: 1px solid #e2e8f0;
+      padding: 7px 4px;
+      width: 50%;
+    }}
+    .meta-table label {{
+      color: #64748b;
+      display: block;
+      font-size: 8px;
+      text-transform: uppercase;
+    }}
+    .meta-table strong {{
+      color: #0f172a;
+      display: block;
+      font-size: 10px;
+      margin-top: 2px;
+    }}
+    .finding {{
+      background-color: #ffffff;
+      border: 1px solid #cbd5e1;
+      margin: 0;
+      padding: 10px;
+      page-break-inside: avoid;
+    }}
+    .finding-header {{
+      border-collapse: collapse;
+      margin-bottom: 8px;
+      width: 100%;
+    }}
+    .finding-header td {{
+      vertical-align: top;
+    }}
+    .severity {{
+      color: #ffffff;
+      font-size: 8px;
+      font-weight: bold;
+      padding: 5px 7px;
+      text-align: center;
+      width: 54px;
+    }}
+    .severity-icon {{
+      height: 10px;
+      width: 10px;
+    }}
     .severity-critical {{ background: #991b1b; }}
     .severity-high {{ background: #dc2626; }}
     .severity-medium {{ background: #d97706; }}
     .severity-low {{ background: #2563eb; }}
     .severity-info {{ background: #475569; }}
-    .remediation {{ background: #f0fdf4; border-left: 3px solid #22c55e; margin-top: 8px; padding: 8px; }}
-    .remediation h4, .remediation p {{ color: #166534; }}
+    .remediation {{
+      background: #f0fdf4;
+      border-left: 3px solid #22c55e;
+      margin-top: 8px;
+      padding: 8px;
+    }}
+    .remediation h4,
+    .remediation p {{
+      color: #166534;
+    }}
   </style>
 </head>
 <body bgcolor="#ffffff" style="background-color: #ffffff;">
 <div class="page" style="background-color: #ffffff;">
   <table class="brand-table">
     <tr>
-      <td class="brand-icon"><img src="{icons['shield']}" alt=""></td>
+      <td class="brand-icon"><img src="{shield_icon}" alt=""></td>
       <td>
         <div class="eyebrow">SecuScan security export</div>
         <h1>{target_html}</h1>
@@ -405,17 +556,17 @@ def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any])
 
   <table class="stats">
     <tr>
-      <td><img class="stat-icon" src="{icons['findings']}" alt=""><label>Total findings</label><strong>{len(payload['findings'])}</strong></td>
-      <td><img class="stat-icon" src="{icons['critical']}" alt=""><label>Critical</label><strong>{severity_counts['CRITICAL']}</strong></td>
-      <td><img class="stat-icon" src="{icons['target']}" alt=""><label>High</label><strong>{severity_counts['HIGH']}</strong></td>
-      <td><img class="stat-icon" src="{icons['rows']}" alt=""><label>Structured rows</label><strong>{len(payload['rows'])}</strong></td>
+      <td><img class="stat-icon" src="{findings_icon}" alt=""><label>Total findings</label><strong>{len(payload['findings'])}</strong></td>
+      <td><img class="stat-icon" src="{critical_icon}" alt=""><label>Critical</label><strong>{severity_counts['CRITICAL']}</strong></td>
+      <td><img class="stat-icon" src="{target_icon}" alt=""><label>High</label><strong>{severity_counts['HIGH']}</strong></td>
+      <td><img class="stat-icon" src="{rows_icon}" alt=""><label>Structured rows</label><strong>{len(payload['rows'])}</strong></td>
     </tr>
   </table>
 
-  <h2><img class="stat-icon" src="{icons['shield']}" alt=""> Executive Overview</h2>
+  <h2><img class="stat-icon" src="{shield_icon}" alt=""> Executive Overview</h2>
   <ul>{summary_markup}</ul>
 
-  <h2><img class="stat-icon" src="{icons['clock']}" alt=""> Assessment Details</h2>
+  <h2><img class="stat-icon" src="{clock_icon}" alt=""> Assessment Details</h2>
   <table class="meta-table">
     <tr>
       <td><label>Task ID</label><strong>{cls._escape_html(payload['task_id'] or 'Unknown')}</strong></td>
@@ -427,12 +578,12 @@ def _generate_pdf_html_report(cls, task: Dict[str, Any], result: Dict[str, Any])
     </tr>
   </table>
 
-  <h2><img class="stat-icon" src="{icons['target']}" alt=""> Scan Parameters</h2>
+  <h2><img class="stat-icon" src="{target_icon}" alt=""> Scan Parameters</h2>
   <table class="meta-table">
     {parameter_markup}
   </table>
 
-  <h2><img class="stat-icon" src="{icons['findings']}" alt=""> Technical Findings</h2>
+  <h2><img class="stat-icon" src="{findings_icon}" alt=""> Technical Findings</h2>
   {finding_markup}
 </div>
 </body>
@@ -450,31 +601,30 @@ def generate_pdf_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> by
 
     @classmethod
     def _build_web_finding_markup(cls, finding: Dict[str, Any], target: str, critical_icon: str) -> str:
-        """Helper to generate HTML markup for a single web finding."""
-        evidence_html = f"<section><h4>Evidence</h4><pre>{cls._escape_html(finding['proof'])}</pre></section>" if finding['proof'] else ""
-        remediation_html = f"<section class='remediation'><h4>Recommended action</h4><p>{cls._escape_html(finding['remediation'])}</p></section>" if finding['remediation'] else ""
-        cve_html = f"<section class='meta'><span>CVE: {cls._escape_html(finding['cve'])}</span></section>" if finding['cve'] else ""
+        evidence_html = f"<section><h4>Evidence</h4><pre>{cls._escape_html(finding['proof'])}</pre></section>" if finding.get("proof") else ""
+        remediation_html = f"<section class='remediation'><h4>Recommended action</h4><p>{cls._escape_html(finding['remediation'])}</p></section>" if finding.get("remediation") else ""
+        cve_html = f"<section class='meta'><span>CVE: {cls._escape_html(finding['cve'])}</span></section>" if finding.get("cve") else ""
 
         return f"""
-        <article class="finding-card">
-          <div class="finding-top">
-            <span class="severity severity-{finding['severity'].lower()}"><img class="mini-icon" src="{critical_icon}" alt=""> {cls._escape_html(finding['severity'])}</span>
-            <div class="finding-heading">
-              <h3>{cls._escape_html(finding['title'])}</h3>
-              <p>{cls._escape_html(finding['category'])} | {cls._escape_html_with_breaks(finding['target'] or target)}</p>
-            </div>
-          </div>
-          <div class="finding-body">
-            <section>
-              <h4>Description</h4>
-              <p>{cls._escape_html(finding['description'])}</p>
-            </section>
-            {evidence_html}
-            {remediation_html}
-            {cve_html}
-          </div>
-        </article>
-        """
+            <article class="finding-card">
+                <div class="finding-top">
+                    <span class="severity severity-{finding['severity'].lower()}"><img class="mini-icon" src="{critical_icon}" alt=""> {cls._escape_html(finding['severity'])}</span>
+                    <div class="finding-heading">
+                        <h3>{cls._escape_html(finding['title'])}</h3>
+                        <p>{cls._escape_html(finding['category'])} | {cls._escape_html_with_breaks(finding['target'] or target)}</p>
+                    </div>
+                </div>
+                <div class="finding-body">
+                    <section>
+                        <h4>Description</h4>
+                        <p>{cls._escape_html(finding['description'])}</p>
+                    </section>
+                    {evidence_html}
+                    {remediation_html}
+                    {cve_html}
+                </div>
+            </article>
+            """
 
     @classmethod
     def generate_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> str:
@@ -482,34 +632,35 @@ def generate_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> s
         payload = cls._build_report_payload(task, result)
         severity_counts = payload["severity_counts"]
 
-        icons = {
-            "shield": cls._icon_data_uri("shield", "1e3a5f"),
-            "target": cls._icon_data_uri("target", "2563eb"),
-            "findings": cls._icon_data_uri("findings", "0f172a"),
-            "critical": cls._icon_data_uri("critical", "991b1b"),
-            "rows": cls._icon_data_uri("rows", "2563eb"),
-            "clock": cls._icon_data_uri("clock", "475569")
-        }
+        shield_icon = cls._icon_data_uri("shield", "1e3a5f")
+        target_icon = cls._icon_data_uri("target", "2563eb")
+        findings_icon = cls._icon_data_uri("findings", "0f172a")
+        critical_icon = cls._icon_data_uri("critical", "991b1b")
+        rows_icon = cls._icon_data_uri("rows", "2563eb")
+        clock_icon = cls._icon_data_uri("clock", "475569")
 
         target_html = cls._escape_html_with_breaks(payload["target"])
-        summary_markup = "".join(f"<li>{cls._escape_html(line)}</li>" for line in payload["summary"])
+
+        summary_markup = "".join(
+            f"<li>{cls._escape_html(line)}</li>" for line in payload["summary"]
+        )
         parameter_markup = "".join(
             f"<div class=\"meta-card\"><label>{cls._escape_html(item['label'])}</label><strong>{cls._escape_html(item['value'])}</strong></div>"
             for item in payload["scan_parameters"]
         )
 
         finding_markup = "".join(
-            cls._build_web_finding_markup(finding, payload['target'], icons['critical'])
+            cls._build_web_finding_markup(finding, payload["target"], critical_icon)
             for finding in payload["findings"]
         )
 
         if not finding_markup:
             finding_markup = """
             <article class="finding-card empty-state">
-              <div class="finding-body">
-                <h3>No structured findings were available</h3>
-                <p>This report finished without parsed findings. Review the raw task output in SecuScan for more detail.</p>
-              </div>
+                <div class="finding-body">
+                    <h3>No structured findings were available</h3>
+                    <p>This report finished without parsed findings. Review the raw task output in SecuScan for more detail.</p>
+                </div>
             </article>
             """
 
@@ -521,64 +672,243 @@ def generate_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> s
   <title>SecuScan Report - {cls._escape_html(payload['target'])}</title>
   <style>
     :root {{
-      --ink: #0f172a; --muted: #475569; --subtle: #64748b; --panel: #ffffff;
-      --panel-alt: #f8fafc; --line: #e2e8f0; --bg: linear-gradient(180deg, #e0f2fe 0%, #f8fafc 22%, #f8fafc 100%);
-      --critical: #991b1b; --high: #dc2626; --medium: #d97706; --low: #2563eb; --info: #475569;
-      --success-bg: #f0fdf4; --success-ink: #166534;
+      --ink: #0f172a;
+      --muted: #475569;
+      --subtle: #64748b;
+      --panel: #ffffff;
+      --panel-alt: #f8fafc;
+      --line: #e2e8f0;
+      --bg: linear-gradient(180deg, #e0f2fe 0%, #f8fafc 22%, #f8fafc 100%);
+      --critical: #991b1b;
+      --high: #dc2626;
+      --medium: #d97706;
+      --low: #2563eb;
+      --info: #475569;
+      --success-bg: #f0fdf4;
+      --success-ink: #166534;
     }}
     * {{ box-sizing: border-box; }}
-    body {{ margin: 0; font-family: "Segoe UI", Arial, sans-serif; background: var(--bg); color: var(--ink); padding: 36px 18px 80px; line-height: 1.6; }}
+    body {{
+      margin: 0;
+      font-family: "Segoe UI", Arial, sans-serif;
+      background: var(--bg);
+      color: var(--ink);
+      padding: 36px 18px 80px;
+      line-height: 1.6;
+    }}
     .shell {{ max-width: 1100px; margin: 0 auto; }}
-    .hero {{ background: linear-gradient(135deg, #0f172a 0%, #1d4ed8 58%, #0f766e 100%); color: white; border-radius: 24px; padding: 32px; box-shadow: 0 24px 60px rgba(15, 23, 42, 0.18); }}
-    .hero-title {{ align-items: flex-start; display: flex; gap: 16px; }}
-    .hero-icon {{ border: 1px solid rgba(255, 255, 255, 0.28); border-radius: 16px; height: 56px; padding: 8px; width: 56px; }}
-    .hero-icon img, .card-icon img, .section-icon, .mini-icon {{ display: block; }}
-    .card-icon img {{ height: 26px; width: 26px; }}
-    .section-icon {{ display: inline-block; height: 22px; margin-right: 8px; vertical-align: middle; width: 22px; }}
-    .mini-icon {{ display: inline-block; height: 14px; margin-right: 4px; vertical-align: middle; width: 14px; }}
-    .eyebrow {{ letter-spacing: 0.16em; text-transform: uppercase; font-size: 12px; opacity: 0.85; margin-bottom: 10px; }}
+    .hero {{
+      background: linear-gradient(135deg, #0f172a 0%, #1d4ed8 58%, #0f766e 100%);
+      color: white;
+      border-radius: 24px;
+      padding: 32px;
+      box-shadow: 0 24px 60px rgba(15, 23, 42, 0.18);
+    }}
+    .hero-title {{
+      align-items: flex-start;
+      display: flex;
+      gap: 16px;
+    }}
+    .hero-icon {{
+      border: 1px solid rgba(255, 255, 255, 0.28);
+      border-radius: 16px;
+      height: 56px;
+      padding: 8px;
+      width: 56px;
+    }}
+    .hero-icon img, .card-icon img, .section-icon, .mini-icon {{
+      display: block;
+    }}
+    .card-icon img {{
+      height: 26px;
+      width: 26px;
+    }}
+    .section-icon {{
+      display: inline-block;
+      height: 22px;
+      margin-right: 8px;
+      vertical-align: middle;
+      width: 22px;
+    }}
+    .mini-icon {{
+      display: inline-block;
+      height: 14px;
+      margin-right: 4px;
+      vertical-align: middle;
+      width: 14px;
+    }}
+    .eyebrow {{
+      letter-spacing: 0.16em;
+      text-transform: uppercase;
+      font-size: 12px;
+      opacity: 0.85;
+      margin-bottom: 10px;
+    }}
     h1 {{ margin: 0; font-size: clamp(2rem, 5vw, 3.5rem); line-height: 1.05; }}
     .hero p {{ max-width: 760px; color: rgba(255, 255, 255, 0.86); }}
-    .meta-grid, .stat-grid {{ display: grid; gap: 16px; margin-top: 24px; }}
+    .meta-grid, .stat-grid {{
+      display: grid;
+      gap: 16px;
+      margin-top: 24px;
+    }}
     .meta-grid {{ grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); }}
     .stat-grid {{ grid-template-columns: repeat(auto-fit, minmax(150px, 1fr)); margin-top: 28px; }}
-    .meta-card, .stat-card, .finding-card {{ background: var(--panel); border: 1px solid var(--line); border-radius: 20px; box-shadow: 0 14px 40px rgba(15, 23, 42, 0.06); }}
+    .meta-card, .stat-card, .finding-card {{
+      background: var(--panel);
+      border: 1px solid var(--line);
+      border-radius: 20px;
+      box-shadow: 0 14px 40px rgba(15, 23, 42, 0.06);
+    }}
     .meta-card, .stat-card {{ padding: 18px 20px; }}
-    .meta-card label, .stat-card label {{ display: block; font-size: 11px; text-transform: uppercase; letter-spacing: 0.12em; color: var(--subtle); margin-bottom: 8px; font-weight: 700; }}
-    .meta-card strong, .stat-card strong {{ font-size: 1.35rem; color: var(--ink); }}
-    .stat-card {{ position: relative; overflow: hidden; }}
-    .stat-card-header {{ align-items: center; display: flex; justify-content: space-between; margin-bottom: 8px; }}
-    .stat-card::before {{ content: ""; position: absolute; inset: 0 auto 0 0; width: 6px; background: var(--accent, var(--info)); }}
-    .section {{ margin-top: 28px; background: rgba(255, 255, 255, 0.58); backdrop-filter: blur(12px); border: 1px solid rgba(226, 232, 240, 0.9); border-radius: 24px; padding: 26px; }}
-    .section h2 {{ margin: 0 0 10px; font-size: 1.6rem; }}
-    .section-copy {{ margin: 0 0 18px; color: var(--muted); }}
-    .summary-list {{ margin: 0; padding-left: 20px; color: var(--muted); }}
-    .findings {{ display: grid; gap: 18px; }}
-    .finding-card {{ overflow: hidden; }}
-    .finding-top {{ display: flex; gap: 16px; align-items: flex-start; padding: 20px 22px 14px; border-bottom: 1px solid var(--line); background: var(--panel-alt); }}
-    .finding-heading h3 {{ margin: 0 0 4px; font-size: 1.2rem; }}
-    .finding-heading p {{ margin: 0; color: var(--subtle); font-size: 0.95rem; }}
-    .severity {{ display: inline-flex; align-items: center; justify-content: center; min-width: 90px; padding: 7px 12px; border-radius: 999px; color: white; font-size: 12px; font-weight: 800; letter-spacing: 0.08em; text-transform: uppercase; }}
+    .meta-card label, .stat-card label {{
+      display: block;
+      font-size: 11px;
+      text-transform: uppercase;
+      letter-spacing: 0.12em;
+      color: var(--subtle);
+      margin-bottom: 8px;
+      font-weight: 700;
+    }}
+    .meta-card strong, .stat-card strong {{
+      font-size: 1.35rem;
+      color: var(--ink);
+    }}
+    .stat-card {{
+      position: relative;
+      overflow: hidden;
+    }}
+    .stat-card-header {{
+      align-items: center;
+      display: flex;
+      justify-content: space-between;
+      margin-bottom: 8px;
+    }}
+    .stat-card::before {{
+      content: "";
+      position: absolute;
+      inset: 0 auto 0 0;
+      width: 6px;
+      background: var(--accent, var(--info));
+    }}
+    .section {{
+      margin-top: 28px;
+      background: rgba(255, 255, 255, 0.58);
+      backdrop-filter: blur(12px);
+      border: 1px solid rgba(226, 232, 240, 0.9);
+      border-radius: 24px;
+      padding: 26px;
+    }}
+    .section h2 {{
+      margin: 0 0 10px;
+      font-size: 1.6rem;
+    }}
+    .section-copy {{
+      margin: 0 0 18px;
+      color: var(--muted);
+    }}
+    .summary-list {{
+      margin: 0;
+      padding-left: 20px;
+      color: var(--muted);
+    }}
+    .findings {{
+      display: grid;
+      gap: 18px;
+    }}
+    .finding-card {{
+      overflow: hidden;
+    }}
+    .finding-top {{
+      display: flex;
+      gap: 16px;
+      align-items: flex-start;
+      padding: 20px 22px 14px;
+      border-bottom: 1px solid var(--line);
+      background: var(--panel-alt);
+    }}
+    .finding-heading h3 {{
+      margin: 0 0 4px;
+      font-size: 1.2rem;
+    }}
+    .finding-heading p {{
+      margin: 0;
+      color: var(--subtle);
+      font-size: 0.95rem;
+    }}
+    .severity {{
+      display: inline-flex;
+      align-items: center;
+      justify-content: center;
+      min-width: 90px;
+      padding: 7px 12px;
+      border-radius: 999px;
+      color: white;
+      font-size: 12px;
+      font-weight: 800;
+      letter-spacing: 0.08em;
+      text-transform: uppercase;
+    }}
     .severity-critical {{ background: var(--critical); }}
     .severity-high {{ background: var(--high); }}
     .severity-medium {{ background: var(--medium); }}
     .severity-low {{ background: var(--low); }}
     .severity-info {{ background: var(--info); }}
-    .finding-body {{ padding: 22px; display: grid; gap: 16px; }}
-    .finding-body h4 {{ margin: 0 0 6px; font-size: 0.95rem; }}
-    .finding-body p, .finding-body pre {{ margin: 0; color: var(--muted); }}
-    .finding-body pre {{ white-space: pre-wrap; word-break: break-word; background: #0f172a; color: #dbeafe; padding: 16px; border-radius: 14px; font-size: 0.9rem; }}
-    .remediation {{ background: var(--success-bg); border-left: 4px solid #22c55e; padding: 16px; border-radius: 14px; }}
+    .finding-body {{
+      padding: 22px;
+      display: grid;
+      gap: 16px;
+    }}
+    .finding-body h4 {{
+      margin: 0 0 6px;
+      font-size: 0.95rem;
+    }}
+    .finding-body p, .finding-body pre {{
+      margin: 0;
+      color: var(--muted);
+    }}
+    .finding-body pre {{
+      white-space: pre-wrap;
+      word-break: break-word;
+      background: #0f172a;
+      color: #dbeafe;
+      padding: 16px;
+      border-radius: 14px;
+      font-size: 0.9rem;
+    }}
+    .remediation {{
+      background: var(--success-bg);
+      border-left: 4px solid #22c55e;
+      padding: 16px;
+      border-radius: 14px;
+    }}
     .remediation p, .remediation h4 {{ color: var(--success-ink); }}
     .empty-state {{ text-align: center; }}
-    @page {{ size: A4; margin: 14mm 12mm 16mm; }}
+    @page {{
+      size: A4;
+      margin: 14mm 12mm 16mm;
+    }}
     @media print {{
-      body {{ background: white; padding: 0; print-color-adjust: exact; }}
+      body {{
+        background: white;
+        padding: 0;
+        print-color-adjust: exact;
+      }}
       .shell {{ max-width: none; }}
-      .hero {{ box-shadow: none; break-inside: avoid; }}
-      .meta-card, .stat-card, .finding-card {{ break-inside: avoid; }}
-      .finding-top {{ break-after: avoid; }}
-      .finding-body section {{ break-inside: avoid; }}
+      .hero {{
+        box-shadow: none;
+        break-inside: avoid;
+      }}
+      .meta-card,
+      .stat-card,
+      .finding-card {{
+        break-inside: avoid;
+      }}
+      .finding-top {{
+        break-after: avoid;
+      }}
+      .finding-body section {{
+        break-inside: avoid;
+      }}
       .section, .meta-card, .stat-card, .finding-card {{ box-shadow: none; }}
     }}
   </style>
@@ -587,7 +917,7 @@ def generate_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> s
   <div class="shell">
     <section class="hero">
       <div class="hero-title">
-        <div class="hero-icon"><img src="{icons['shield']}" alt=""></div>
+        <div class="hero-icon"><img src="{shield_icon}" alt=""></div>
         <div>
           <div class="eyebrow">SecuScan security export</div>
           <h1>{target_html}</h1>
@@ -597,33 +927,33 @@ def generate_html_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> s
     </section>
 
     <div class="meta-grid">
-      <div class="meta-card"><div class="stat-card-header"><label>Tool</label><span class="card-icon"><img src="{icons['target']}" alt=""></span></div><strong>{cls._escape_html(payload['tool_name'])}</strong></div>
-      <div class="meta-card"><div class="stat-card-header"><label>Status</label><span class="card-icon"><img src="{icons['shield']}" alt=""></span></div><strong>{cls._escape_html(payload['status'].upper())}</strong></div>
-      <div class="meta-card"><div class="stat-card-header"><label>Task Started</label><span class="card-icon"><img src="{icons['clock']}" alt=""></span></div><strong>{cls._escape_html(cls._format_timestamp(payload['created_at']))}</strong></div>
-      <div class="meta-card"><div class="stat-card-header"><label>Exported</label><span class="card-icon"><img src="{icons['rows']}" alt=""></span></div><strong>{cls._escape_html(payload['generated_at'])}</strong></div>
+      <div class="meta-card"><div class="stat-card-header"><label>Tool</label><span class="card-icon"><img src="{target_icon}" alt=""></span></div><strong>{cls._escape_html(payload['tool_name'])}</strong></div>
+      <div class="meta-card"><div class="stat-card-header"><label>Status</label><span class="card-icon"><img src="{shield_icon}" alt=""></span></div><strong>{cls._escape_html(payload['status'].upper())}</strong></div>
+      <div class="meta-card"><div class="stat-card-header"><label>Task Started</label><span class="card-icon"><img src="{clock_icon}" alt=""></span></div><strong>{cls._escape_html(cls._format_timestamp(payload['created_at']))}</strong></div>
+      <div class="meta-card"><div class="stat-card-header"><label>Exported</label><span class="card-icon"><img src="{rows_icon}" alt=""></span></div><strong>{cls._escape_html(payload['generated_at'])}</strong></div>
     </div>
 
     <div class="stat-grid">
-      <div class="stat-card" style="--accent: #0f172a;"><div class="stat-card-header"><label>Total findings</label><span class="card-icon"><img src="{icons['findings']}" alt=""></span></div><strong>{len(payload['findings'])}</strong></div>
-      <div class="stat-card" style="--accent: #991b1b;"><div class="stat-card-header"><label>Critical</label><span class="card-icon"><img src="{icons['critical']}" alt=""></span></div><strong>{severity_counts['CRITICAL']}</strong></div>
-      <div class="stat-card" style="--accent: #dc2626;"><div class="stat-card-header"><label>High</label><span class="card-icon"><img src="{icons['target']}" alt=""></span></div><strong>{severity_counts['HIGH']}</strong></div>
-      <div class="stat-card" style="--accent: #2563eb;"><div class="stat-card-header"><label>Structured rows</label><span class="card-icon"><img src="{icons['rows']}" alt=""></span></div><strong>{len(payload['rows'])}</strong></div>
+      <div class="stat-card" style="--accent: #0f172a;"><div class="stat-card-header"><label>Total findings</label><span class="card-icon"><img src="{findings_icon}" alt=""></span></div><strong>{len(payload['findings'])}</strong></div>
+      <div class="stat-card" style="--accent: #991b1b;"><div class="stat-card-header"><label>Critical</label><span class="card-icon"><img src="{critical_icon}" alt=""></span></div><strong>{severity_counts['CRITICAL']}</strong></div>
+      <div class="stat-card" style="--accent: #dc2626;"><div class="stat-card-header"><label>High</label><span class="card-icon"><img src="{target_icon}" alt=""></span></div><strong>{severity_counts['HIGH']}</strong></div>
+      <div class="stat-card" style="--accent: #2563eb;"><div class="stat-card-header"><label>Structured rows</label><span class="card-icon"><img src="{rows_icon}" alt=""></span></div><strong>{len(payload['rows'])}</strong></div>
     </div>
 
     <section class="section">
-      <h2><img class="section-icon" src="{icons['shield']}" alt="">Executive Overview</h2>
+      <h2><img class="section-icon" src="{shield_icon}" alt="">Executive Overview</h2>
       <p class="section-copy">Key takeaways generated from the parsed assessment data.</p>
       <ul class="summary-list">{summary_markup}</ul>
     </section>
 
     <section class="section">
-      <h2><img class="section-icon" src="{icons['target']}" alt="">Scan Parameters</h2>
+      <h2><img class="section-icon" src="{target_icon}" alt="">Scan Parameters</h2>
       <p class="section-copy">Runtime configuration captured for this task, including the selected Nikto flags and SecuScan preset context.</p>
       <div class="meta-grid">{parameter_markup}</div>
     </section>
 
     <section class="section">
-      <h2><img class="section-icon" src="{icons['findings']}" alt="">Technical Findings</h2>
+      <h2><img class="section-icon" src="{findings_icon}" alt="">Technical Findings</h2>
       <p class="section-copy">Detailed finding cards with severity context, supporting evidence, and recommended next actions.</p>
       <div class="findings">{finding_markup}</div>
     </section>
@@ -638,7 +968,17 @@ def generate_csv_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> st
         output = io.StringIO()
         writer = csv.writer(output)
         writer.writerow(
-            ["Severity", "Title", "Category", "Target", "CVSS", "CVE", "Description", "Evidence", "Remediation"]
+            [
+                "Severity",
+                "Title",
+                "Category",
+                "Target",
+                "CVSS",
+                "CVE",
+                "Description",
+                "Evidence",
+                "Remediation",
+            ]
         )
         for finding in payload["findings"]:
             writer.writerow(
@@ -706,6 +1046,15 @@ def _extract_sarif_locations(cls, finding: Dict[str, Any], default_target: str)
     def generate_sarif_report(cls, task: Dict[str, Any], result: Dict[str, Any]) -> str:
         """Generate a SARIF v2.1.0 report for GitHub Code Scanning."""
         payload = cls._build_report_payload(task, result)
+        tool_name = payload["tool_name"]
+
+        severity_map = {
+            "CRITICAL": "error",
+            "HIGH": "error",
+            "MEDIUM": "warning",
+            "LOW": "note",
+            "INFO": "note"
+        }
 
         rules = []
         rule_indices = {}
@@ -719,17 +1068,27 @@ def generate_sarif_report(cls, task: Dict[str, Any], result: Dict[str, Any]) ->
                 rules.append({
                     "id": rule_id,
                     "name": finding.get("title", "Security Finding"),
-                    "shortDescription": {"text": finding.get("title", "Security Finding")},
-                    "fullDescription": {"text": finding.get("description", "No detailed description available.")},
-                    "help": {"text": finding.get("remediation", "No remediation provided.")},
-                    "properties": {"precision": "high"}
+                    "shortDescription": {
+                        "text": finding.get("title", "Security Finding")
+                    },
+                    "fullDescription": {
+                        "text": finding.get("description", "No detailed description available.")
+                    },
+                    "help": {
+                        "text": finding.get("remediation", "No remediation provided.")
+                    },
+                    "properties": {
+                        "precision": "high"
+                    }
                 })
 
             sarif_result = {
                 "ruleId": rule_id,
                 "ruleIndex": rule_indices[rule_id],
-                "message": {"text": finding.get("description", "Security finding detected")},
-                "level": cls.SARIF_SEVERITY_MAP.get(finding["severity"], "note"),
+                "message": {
+                    "text": finding.get("description", "Security finding detected")
+                },
+                "level": severity_map.get(finding["severity"], "note"),
                 "locations": cls._extract_sarif_locations(finding, payload["target"])
             }
             results.append(sarif_result)
@@ -741,7 +1100,7 @@ def generate_sarif_report(cls, task: Dict[str, Any], result: Dict[str, Any]) ->
                 {
                     "tool": {
                         "driver": {
-                            "name": payload["tool_name"],
+                            "name": tool_name,
                             "version": "1.0.0",
                             "informationUri": "https://github.com/utksh1/SecuScan",
                             "rules": rules
@@ -754,4 +1113,5 @@ def generate_sarif_report(cls, task: Dict[str, Any], result: Dict[str, Any]) ->
 
         return json.dumps(sarif_output, indent=2)
 
+
 reporting = ReportGenerator()