3.7 KiB
Security Audit Report
Project: {{project_name}} Date: {{date}} Scope: {{audit_scope}} Auditor: {{user_name}} + TEA Agent
Executive Summary
{{executive_summary}}
Risk Summary
| Severity | Count | Status |
|---|---|---|
| Critical | {{critical_count}} | {{critical_status}} |
| High | {{high_count}} | {{high_status}} |
| Medium | {{medium_count}} | {{medium_status}} |
| Low | {{low_count}} | {{low_status}} |
Overall Risk Level: {{overall_risk}}
Technology Stack
| Component | Technology | Version |
|---|---|---|
| Framework | {{framework}} | {{framework_version}} |
| Language | {{language}} | {{language_version}} |
| Database | {{database}} | {{database_version}} |
| Authentication | {{auth_method}} | - |
Critical Findings
{{#each critical_findings}}
{{this.id}}: {{this.title}}
Severity: CRITICAL
Category: {{this.category}}
Location: {{this.location}}
Description: {{this.description}}
Evidence:
{{this.evidence}}
Impact: {{this.impact}}
Remediation: {{this.remediation}}
References:
- {{this.references}}
{{/each}}
High Severity Findings
{{#each high_findings}}
{{this.id}}: {{this.title}}
Severity: HIGH
Category: {{this.category}}
Location: {{this.location}}
Description: {{this.description}}
Remediation: {{this.remediation}}
{{/each}}
Medium Severity Findings
{{#each medium_findings}}
{{this.id}}: {{this.title}}
Severity: MEDIUM
Category: {{this.category}}
Location: {{this.location}}
Description: {{this.description}}
Remediation: {{this.remediation}}
{{/each}}
Low Severity Findings
{{#each low_findings}}
{{this.id}}: {{this.title}}
Severity: LOW Category: {{this.category}}
Description: {{this.description}}
Remediation: {{this.remediation}}
{{/each}}
Dependency Vulnerabilities
| Package | Version | CVE | Severity | Fix Version |
|---|---|---|---|---|
| {{#each dependency_vulns}} | ||||
| {{this.package}} | {{this.version}} | {{this.cve}} | {{this.severity}} | {{this.fix_version}} |
| {{/each}} |
Secret Detection Results
| Type | File | Line | Status |
|---|---|---|---|
| {{#each secrets_found}} | |||
| {{this.type}} | {{this.file}} | {{this.line}} | {{this.status}} |
| {{/each}} |
OWASP Coverage
| Category | Status | Findings |
|---|---|---|
| A01 - Broken Access Control | {{a01_status}} | {{a01_count}} |
| A02 - Cryptographic Failures | {{a02_status}} | {{a02_count}} |
| A03 - Injection | {{a03_status}} | {{a03_count}} |
| A04 - Insecure Design | {{a04_status}} | {{a04_count}} |
| A05 - Security Misconfiguration | {{a05_status}} | {{a05_count}} |
| A06 - Vulnerable Components | {{a06_status}} | {{a06_count}} |
| A07 - Authentication Failures | {{a07_status}} | {{a07_count}} |
| A08 - Software Integrity Failures | {{a08_status}} | {{a08_count}} |
| A09 - Logging & Monitoring Failures | {{a09_status}} | {{a09_count}} |
| A10 - SSRF | {{a10_status}} | {{a10_count}} |
Recommendations
Immediate Actions (Critical/High)
- {{immediate_action_1}}
- {{immediate_action_2}}
- {{immediate_action_3}}
Short-term Actions (Medium)
- {{short_term_action_1}}
- {{short_term_action_2}}
Long-term Improvements (Low/Hardening)
- {{long_term_action_1}}
- {{long_term_action_2}}
Appendix A: Tools Used
- Dependency Scanner: {{dep_scanner}}
- Secret Scanner: {{secret_scanner}}
- Static Analysis: {{static_analysis}}
Appendix B: Files Reviewed
{{#each files_reviewed}}
{{this}}{{/each}}
Report Generated: {{timestamp}} Next Audit Recommended: {{next_audit_date}}