Reporting & Export
The Reports page (sidebar → Reports) provides two things: a scan summary you can export without any AI configuration, and an AI-powered narrative report when an LLM is configured.
Scan Summary Report
The summary section is always available, with no AI or internet connection required. It loads from your local scan database and shows:
- Total Analyses: count of all scans across all analyzers
- Total Findings: sum of all findings (same counting logic as the Dashboard)
- PQC Vulnerabilities: findings classified as quantum-related
- Avg Risk Score: average 0–100 quantum risk score across Binary, Certificate, and Network scans
- Findings by Severity: Critical / High / Medium / Low breakdown from code scans
- By Analyzer: per-analyzer scan count and finding count (Code, Binary, Certificate, Network)
- Scan History table: most recent 50 scans with target, analyzer type, date, and a per-scan download button
Bulk Export
The Export CSV and Export JSON buttons at the top right of the summary card export all scan records (up to 500, most recent first) as a download.
Export formats
| Format | Contents | Use case |
|---|---|---|
| CSV | One row per scan: id, target, scan_type, timestamp, findings_count, risk_score | Spreadsheet analysis, dashboards, SIEM ingestion |
| JSON | Same fields as CSV plus exported_at and total envelope | API integration, scripting, custom tooling |
Both formats are available on all license tiers. The export endpoint is GET /api/reports/export?format=json|csv.
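As an added example (not Rivet's own code), the Python below post-processes a downloaded CSV export: it checks the header against the documented columns, recomputes the average risk score over Binary, Certificate and Network scans, lists scans above a threshold, and emits one JSON object per line for SIEM ingestion. The sample rows are constructed, and the lowercase `scan_type` values, the empty `risk_score` for code scans and the threshold of 80 are assumptions.

```python
import csv
import io
import json

# Columns as listed in the export-format table above.
EXPECTED = ["id", "target", "scan_type", "timestamp", "findings_count", "risk_score"]
# Analyzers that carry a 0-100 risk score; lowercase values are an assumption.
SCORED = {"binary", "certificate", "network"}

# Constructed sample rows, not real Rivet output.
SAMPLE_CSV = """id,target,scan_type,timestamp,findings_count,risk_score
101,api.example.test:443,network,2025-01-10T09:00:00Z,4,82
102,/srv/app/src,code,2025-01-10T09:05:00Z,17,
103,libdemo.so,binary,2025-01-11T14:30:00Z,6,55
104,mail.example.test.pem,certificate,2025-01-12T08:00:00Z,2,91
"""


def load_export(text):
    """Parse the CSV export; fail closed if the header drifts from the documented columns."""
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != EXPECTED:
        raise ValueError(f"unexpected columns: {reader.fieldnames}")
    rows = []
    for row in reader:
        row["findings_count"] = int(row["findings_count"] or 0)
        # An empty risk_score (assumed for code scans) becomes None, not 0.
        row["risk_score"] = float(row["risk_score"]) if row["risk_score"] else None
        rows.append(row)
    return rows


def average_risk(rows):
    """Mean risk score over Binary, Certificate and Network scans only."""
    scores = [r["risk_score"] for r in rows
              if r["scan_type"].lower() in SCORED and r["risk_score"] is not None]
    return round(sum(scores) / len(scores), 1) if scores else None


def high_risk_ids(rows, threshold=80):
    """IDs of scans at or above the threshold (the threshold is a local policy choice)."""
    return [r["id"] for r in rows
            if r["risk_score"] is not None and r["risk_score"] >= threshold]


def to_ndjson(rows):
    """One JSON object per line, a shape most SIEM file collectors accept."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in rows)
```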
Per-Scan Export
Each row in the scan history table has a download button that exports the full scan record for that individual scan as JSON. This includes the complete scan_data payload: all findings, risk scores, and raw analysis output.
Per-scan exports are also available from within each analyzer's results view via the export menu. Supported formats per analyzer:
| Format | Availability |
|---|---|
| JSON | Enterprise license |
| CSV | Enterprise license |
| HTML | All tiers |
| SARIF | Enterprise license |
The per-scan export endpoint is GET /api/scan/export/{scan_id}?format=json|csv|html|sarif.
AI Report Generator
Below the scan summary, the AI Report Generator produces a narrative security assessment in Markdown. It requires an LLM provider configured in Settings → AI Configuration.
How it works
- The page loads your scan history and groups scans by analyzer type (Code, Certificate, Binary, Network)
- All analyzer types with at least one scan are pre-selected; deselect any you want to exclude
- Optionally add context in the text box (e.g. "Executive summary for CISO review" or "Technical remediation plan for the backend team")
- Click Generate Report: Rivet fetches the scan data for all selected analyzers, builds a structured prompt, and sends it to your LLM
- The report appears in the output panel below
Report structure
The generated report follows this structure:
- Executive Summary: 2–3 sentences on the most critical quantum vulnerabilities and overall risk level
- Risk Overview: overall quantum risk assessment with key risk factors
- Key Findings by Category: critical quantum vulnerabilities, code security issues, infrastructure vulnerabilities, binary analysis results
- Post-Quantum Cryptography Recommendations: immediate actions (0–3 months), short-term migration (3–12 months), long-term strategy (1–3 years)
- Technical Implementation Guide: specific remediation steps
- Compliance and Business Impact: regulatory implications and business risk
Export options
Once generated, the report can be exported in three formats:
| Format | How it works |
|---|---|
| Export MD | Downloads the raw Markdown text as a .md file |
| Export HTML | Downloads the report as an .html file |
| Export PDF | Opens the report in a new browser tab formatted for printing; use your browser's Print → Save as PDF |
LLM providers
The AI report uses the same LLM configuration as AI Fixes. Configure in Settings → AI Configuration.
| Provider | Notes |
|---|---|
| Google Gemini | Default; requires a Google AI API key |
| Anthropic Claude | Requires an Anthropic API key |
| OpenAI GPT | Requires an OpenAI API key |
| Custom / On-Premise | Ollama, LM Studio, Azure OpenAI, vLLM; for air-gapped or self-hosted deployments (Enterprise) |
If AI is not configured, the AI Report Generator section shows a prompt to configure it in Settings. The scan summary and export buttons above it are unaffected.
API Endpoints
| Endpoint | Description |
|---|---|
| GET /api/reports/summary | Aggregated metrics + flat scan list used by the Reports page |
| GET /api/reports/export | Bulk export of all scans as JSON or CSV (?format=json\|csv) |
| GET /api/scan/export/{id} | Single scan export as JSON, CSV, HTML, or SARIF (?format=...) |
| POST /api/ai-fix/generate-report | Generate AI narrative report from a list of scan IDs |