# Reports & Exports
rimae/scan supports exporting vulnerability data in four formats: CSV, JSON, HTML, and PDF. All exports apply the same filtering options as the vulnerability matches list, allowing you to generate targeted reports for specific assets, severity levels, or remediation status.
## Export Formats
rimae/scan supports seven export formats: CSV, JSON, HTML, PDF, XLSX, CycloneDX SBOM, and SPDX.
### CSV Export
The CSV exporter produces a flat file with one row per vulnerability match. This format is suitable for spreadsheet analysis, SIEM ingestion, or data pipeline consumption.
Content-Type: text/csv
File extension: .csv
Columns:
| Column | Description |
|---|---|
| CVE ID | CVE identifier |
| Asset Hostname | Hostname of the affected asset |
| Package | Package or component name |
| Installed Version | Currently installed version |
| Fixed Version | Version that resolves the vulnerability |
| Composite Score | rimae/scan's weighted composite risk score |
| CVSS | CVSS v3.1 base score |
| EPSS | Exploit Prediction Scoring System probability |
| KEV | Whether the CVE is in the CISA KEV catalog |
| Exploit | Whether a public exploit exists |
| Patch Available | Whether a patch is available |
| Status | Current triage status |
### JSON Export
The JSON exporter wraps vulnerability data in a standard envelope format, suitable for API consumers and automated processing.
Content-Type: application/json
File extension: .json
Envelope structure:

```json
{
  "export_format": "json",
  "total": 142,
  "data": [
    {
      "cve_id": "CVE-2024-1234",
      "asset_hostname": "web-prod-01",
      "package_name": "openssl",
      "installed_version": "3.0.2",
      "fixed_version": "3.0.14",
      "composite_score": 8.7,
      "cvss_score": 9.1,
      "epss_score": 0.42,
      "kev_confirmed": true,
      "has_public_exploit": true,
      "patch_available": true,
      "status": "open",
      "first_seen_at": "2024-03-15T10:30:00+00:00",
      "last_confirmed_at": "2024-03-20T08:15:00+00:00"
    }
  ]
}
```
The JSON output uses Go's encoding/json for serialization with pretty-printing.
### HTML Export
The HTML exporter renders a self-contained report using Go's html/template package with inline CSS. The output includes a severity breakdown summary, a data table, and branding elements.
Content-Type: text/html
File extension: .html
Features:

- Self-contained (no external stylesheets or scripts)
- Severity breakdown counts (critical, high, medium, low, informational)
- Generated timestamp
- White-label branding applied automatically (see Branding Customization)
- XSS-safe (Go html/template autoescaping enabled)
### PDF Export
The PDF exporter builds on the HTML exporter, rendering the same branded template and converting it to a paginated PDF document via maroto v2 (a pure Go PDF library -- no external dependencies required).
Content-Type: application/pdf
File extension: .pdf
Features:

- Paginated output suitable for printing
- All HTML export features (branding, severity breakdown, data table)
- Proper page breaks for large data sets
### XLSX Export
The XLSX exporter produces an Excel workbook with formatted columns, auto-filters, and conditional formatting for severity levels.
Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
File extension: .xlsx
### CycloneDX SBOM Export
The CycloneDX exporter generates a Software Bill of Materials in CycloneDX JSON format, suitable for supply chain compliance and SBOM sharing.
Content-Type: application/vnd.cyclonedx+json
File extension: .cdx.json
### SPDX Export
The SPDX exporter generates an SPDX document describing software packages and their associated vulnerabilities.
Content-Type: application/spdx+json
File extension: .spdx.json
## Report Types
rimae/scan includes four report templates that control the layout and content of HTML and PDF exports:
| Report Type | Template | Description |
|---|---|---|
| vuln_report | vuln_report.html | Full vulnerability detail (default) |
| asset_report | asset_report.html | Asset-centric view of vulnerabilities |
| remediation_queue | remediation_queue.html | Prioritized list for remediation teams |
| executive_summary | executive_summary.html | High-level summary for management |
Specify the report type using the report_type query parameter.
## Triggering Exports
### Via the UI

The rimae/scan frontend provides an Export button on vulnerability list views. Select the desired format; any filters active on the list view are applied to the export.
### Via the API
Exports are available at GET /api/export/{format} where {format} is one of csv, json, html, or pdf.
Authentication required: Yes (Bearer JWT or API key)
Example: CSV export of all critical vulnerabilities

```bash
curl -H "Authorization: Bearer $TOKEN" \
  "https://rimae-scan.example.com/api/export/csv?severity=critical" \
  -o critical_vulns.csv
```

Example: PDF report for a specific asset

```bash
curl -H "Authorization: Bearer $TOKEN" \
  "https://rimae-scan.example.com/api/export/pdf?asset_id=<uuid>&report_type=asset_report" \
  -o asset_report.pdf
```

Example: JSON export of KEV-confirmed vulnerabilities with public exploits

```bash
curl -H "Authorization: Bearer $TOKEN" \
  "https://rimae-scan.example.com/api/export/json?kev=true&has_exploit=true" \
  -o kev_exploitable.json
```
## Filter Parameters
All export endpoints accept the same filter parameters:
| Parameter | Type | Description |
|---|---|---|
| report_type | string | Report template to use (default: vuln_report) |
| asset_id | UUID | Filter to a specific asset |
| cve_id | string | Filter to a specific CVE |
| status | string | Filter by triage status (open, in_review, accepted_risk, resolved) |
| severity | string | Filter by severity level (critical, high, medium, low) |
| kev | boolean | Filter to CISA KEV catalog entries only |
| has_exploit | boolean | Filter to vulnerabilities with known public exploits |
| patch_available | boolean | Filter by patch availability |
| min_score | float | Minimum composite score (0.0 -- 10.0) |
| max_score | float | Maximum composite score (0.0 -- 10.0) |
Results are sorted by composite score in descending order (highest risk first).
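Added example (not code from the rimae/scan project): a client-side helper that builds a filtered export URL from the documented parameters and validates a JSON export envelope before ingestion, including the descending composite-score order stated above. The function names and the constructed sample envelope are assumptions; only the endpoint path, filter names and envelope fields come from this page.

```python
# Added example (not rimae/scan project code): build a filtered export URL and
# check the JSON envelope. Function names and SAMPLE_ENVELOPE are constructed.
import json
from urllib.parse import urlencode

EXPORT_FORMATS = {"csv", "json", "html", "pdf"}
FILTER_PARAMS = {"report_type", "asset_id", "cve_id", "status", "severity",
                 "kev", "has_exploit", "patch_available", "min_score", "max_score"}

def build_export_url(base_url: str, fmt: str, **filters) -> str:
    """Build GET /api/export/{format}?... using only the documented filters."""
    if fmt not in EXPORT_FORMATS:
        raise ValueError(f"unsupported export format: {fmt}")
    unknown = set(filters) - FILTER_PARAMS
    if unknown:
        raise ValueError(f"unknown filter parameter(s): {sorted(unknown)}")
    for key in ("min_score", "max_score"):
        if key in filters and not 0.0 <= float(filters[key]) <= 10.0:
            raise ValueError(f"{key} must be within 0.0 -- 10.0")
    # Booleans go on the wire as true/false, matching the curl examples above.
    query = {k: (str(v).lower() if isinstance(v, bool) else v)
             for k, v in filters.items()}
    url = f"{base_url.rstrip('/')}/api/export/{fmt}"
    return f"{url}?{urlencode(query)}" if query else url

def parse_envelope(raw: str) -> list[dict]:
    """Return the envelope's records after checking format and sort order."""
    env = json.loads(raw)
    if env.get("export_format") != "json" or not isinstance(env.get("data"), list):
        raise ValueError("not a rimae/scan JSON export envelope")
    scores = [r["composite_score"] for r in env["data"]]
    if scores != sorted(scores, reverse=True):
        raise ValueError("records are not sorted by composite_score descending")
    return env["data"]

def summarize(records: list[dict]) -> dict:
    """Counts a remediation team asks for first: KEV, exploitable, unpatched."""
    return {"kev": sum(r["kev_confirmed"] for r in records),
            "exploitable": sum(r["has_public_exploit"] for r in records),
            "unpatched": sum(not r["patch_available"] for r in records),
            "top_cve": records[0]["cve_id"] if records else None}

# Constructed sample in the documented envelope shape (not real scan output;
# the second CVE id is a placeholder).
SAMPLE_ENVELOPE = json.dumps({"export_format": "json", "total": 2, "data": [
    {"cve_id": "CVE-2024-1234", "composite_score": 8.7, "kev_confirmed": True,
     "has_public_exploit": True, "patch_available": True, "status": "open"},
    {"cve_id": "CVE-0000-0001", "composite_score": 6.1, "kev_confirmed": False,
     "has_public_exploit": False, "patch_available": False, "status": "in_review"}]})
```

Feed the output of a real `GET /api/export/json` call to `parse_envelope` in place of `SAMPLE_ENVELOPE`; the sort check turns a silently reordered feed into a loud failure before it reaches a ticketing pipeline.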
## Branding Customization for Reports
HTML and PDF exports automatically incorporate your branding settings. The following branding fields affect exported reports:
| Branding Field | Effect on Reports |
|---|---|
| product_name | Appears in the report title and header |
| primary_color | Used for headings and accent elements |
| accent_color | Used for highlights and status indicators |
| report_header_text | Custom text displayed at the top of the report |
| report_footer_text | Custom text displayed at the bottom of the report |
| hide_rimae-scan_attribution | When true, removes "Powered by rimae/scan" from reports |
If no custom branding is configured, reports use the default rimae/scan branding (purple/teal color scheme).
## Rate Limiting
Export endpoints are subject to a stricter per-user rate limit than standard write endpoints. This prevents excessive resource consumption from large report generation requests. See the API Reference for specific limits.
## Related Documentation
- Settings Reference -- Branding configuration
- API Reference -- Export endpoint details
- Troubleshooting -- Common export issues