Vulnlog Reporting
The Vulnlog CLI reads the Vulnlog YAML file and generates a shareable vulnerability report.
Triage decisions live next to the code in the Vulnlog file, but the people who need to see them — peers, auditors, customers, downstream teams — usually do not read the YAML. The report turns the same source of truth into a single document that summarizes every tracked vulnerability, its triage verdict, and the release that ships the fix.
Vulnlog generates the report from the same YAML used to generate the suppression files, so the suppressed findings and the published report can never drift apart.
Report Format
HTML
Vulnlog renders the report as a single, self-contained HTML document. It is fully offline and print-friendly.
The document contains the project metadata, a summary (totals and a breakdown by state and severity), and an entry table grouped by state and severity.
The same input file can be rendered either from the project maintainer’s perspective (the full backlog across releases) or scoped to a single release via the --release flag, for an audience that only cares about a published release.