Skip to content

Improve security report structure and documentation accuracy#49

Merged
vivekmittal514 merged 3 commits into
aws-samples:mainfrom
agasthik:feature/report-structure-clarity
Jul 10, 2026
Merged

Improve security report structure and documentation accuracy#49
vivekmittal514 merged 3 commits into
aws-samples:mainfrom
agasthik:feature/report-structure-clarity

Conversation

@agasthik

Copy link
Copy Markdown
Contributor

Summary

This branch reworks the interactive HTML report into a single, filterable findings table, refreshes reference documentation links across all assessment modules, and
corrects a set of documentation-accuracy issues found by auditing the docs against the assessment code. No assessment logic or check behavior changes — this is a
report-presentation refactor plus reference-link and documentation maintenance.

What changed

  1. Report structure clarity (report_template.py, test_generate_report.py, sample reports)
  • Collapses the five per-service tables (Bedrock / SageMaker / AgentCore / Agentic / FinServ) into one unified #findingsTable. Each service section is now a compact
    summary card (Failed / Passed / N-A / Total) with "View failed findings" and "View all rows" buttons that filter the shared table.
  • Findings table trimmed from 9 columns to 6 — Details, Resolution, and Reference are folded into a per-row
    Details disclosure ("Details and remediation").
  • Removes the duplicated createServiceFilter JS and all per-service filter/table markup, replacing them with data-filter-service buttons wired to the single
    applyFilters().
  • Findings section reordered after Risk Distribution; status filter defaults to Failed so the most actionable rows show first.
  • "Risk by Region" → "Risk by Region / Scope", adding a Global scope card so IAM-only (Global) failed findings are surfaced without inflating the scanned-region count.
  • Metric semantics clarified: Actionable Findings now counts failed High/Medium/Low findings; a new scored_findings preserves the pass-rate denominator (pass-rate math
    is unchanged).
  • De-duplication: extracted failed_severity_counts() and risk_metric_card() helpers, removing three copies of the counting/coloring logic.
  1. Security check documentation links (assessment app.py files, SECURITY_CHECKS_FINSERV.md)
  • Updated reference= URLs across the Bedrock, SageMaker, AgentCore, and FinServ modules to current AWS documentation pages; extracted repeated AgentCore URLs into
    module-level constants.
  • Migrated FinServ output-handling checks (FS-55..58) from OWASP LLM02 to OWASP LLM05:2025 Improper Output Handling in comments and references.
  1. Documentation accuracy fixes (docs + comment references)
  • SECURITY_CHECKS.md: corrected SM-04 and SM-11 (Medium → High) and AC-07 (High → Medium) to match the Failed-path finding severity in code.
  • SECURITY_CHECKS_FINSERV.md: rewrote the compliance framework mapping table — 7 of 9 framework rows were out of sync with the code's COMPLIANCE_MAP (the authoritative
    source, since these strings ship in each finding's CSV).
  • DEVELOPER_GUIDE.md: fixed Bedrock check count (14 → 32) and completed the docs tree listing.
  • SECURITY_CHECKS_FINSERV_SEVERITY_METHODOLOGY.md: fixed a dead relative link to the severity register.
  • README.md: "Risk by Region" → "Risk by Region / Scope".
  • Corrected severity-doc filename references in finserv_assessments/app.py and test_severity_register.py comments.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

agasthik added 3 commits July 9, 2026 22:54
Documentation corrections validated against the assessment code:
- SECURITY_CHECKS.md: correct SM-04, SM-11 (Medium->High) and AC-07
  (High->Medium) severities to match the Failed-path finding severity
- SECURITY_CHECKS_FINSERV.md: rewrite the compliance framework mapping
  table to match the code's COMPLIANCE_MAP (7 of 9 framework rows were
  out of sync)
- DEVELOPER_GUIDE.md: fix Bedrock check count (14->32) and complete the
  docs tree listing
- SECURITY_CHECKS_FINSERV_SEVERITY_METHODOLOGY.md: fix dead relative link
  to the severity register
- README.md: "Risk by Region" -> "Risk by Region / Scope" to match the
  refactored report heading
- finserv app.py / test_severity_register.py: correct severity doc
  filename references in comments/docstrings

Also refresh the sample HTML reports and dashboard screenshots.
@agasthik agasthik requested a review from vivekmittal514 July 10, 2026 13:26
@github-actions github-actions Bot added documentation Improvements or additions to documentation bedrock sagemaker report agentcore labels Jul 10, 2026

@vivekmittal514 vivekmittal514 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR #49 Review — "Improve security report structure and documentation accuracy"
Overall: Clean PR. No correctness bugs found. This is a well-executed report-presentation refactor with doc link maintenance. No assessment logic changes.

What works correctly:
Unified #findingsTable with 6 columns — column count consistent across , , and colspan
Filter buttons (data-filter-service + data-filter-status) wire up correctly
scored_findings vs actionable_findings math is preserved
AgentCore app.py changes are URL-only (no assessment logic modified)
CSS widths sum to 100%
All format template placeholders properly supplied

@vivekmittal514 vivekmittal514 merged commit c39f9a1 into aws-samples:main Jul 10, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

agentcore bedrock documentation Improvements or additions to documentation report sagemaker

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants