{% if actions_df %} {% for priority_label in ['P0', 'P1', 'P2', 'P3'] %} {% set prio_actions = actions_df | selectattr('priority', 'equalto', priority_label) | list %} {% if prio_actions %}

{{ priority_label }} {% if priority_label == 'P0' %} — Fix Immediately {% elif priority_label == 'P1' %} — Fix This Sprint {% elif priority_label == 'P2' %} — Fix Within 30 Days {% elif priority_label == 'P3' %} — Schedule for Maintenance {% endif %}

{{ prio_actions|length }}
{% for action in prio_actions %}
{% if action.ai_verdict == "not_affected" %} VERIFY {{ action.component_name }} {{ action.component_version }} {% elif action.fixed_version %} UPGRADE {{ action.component_name }} {{ action.component_version }} → {{ action.fixed_version }} {% else %} INVESTIGATE {{ action.component_name }} {{ action.component_version }} {% endif %} {{ priority_label }}
{% if action.purl %}{{ action.purl }}{% endif %} {% if action.dep_is_direct %} Direct {% else %} Transitive via {{ action.dep_direct_dependency }} {% endif %} {% if action.any_exploit %}Exploit{% endif %} {% if action.any_kev %}KEV{% endif %} {% if action.ai_verdict == "not_affected" %} Recommended: Not Affected {% elif action.ai_verdict is defined and action.ai_verdict != "affected" %} {{ action.ai_verdict }} {% endif %} {{ action.cve_count }} CVE{{ 's' if action.cve_count != 1 }} CVSS {{ '%.1f' | format(action.max_cvss) }} {% if action.ai_verdict != "not_affected" %} {{ action.upgrade_type }} ({{ action.breaking_change_risk }} risk) Effort: {{ action.effort_estimate }} {% endif %}
{% if action.dep_path_display %}
{{ action.dep_path_display }}
{% endif %} {% if action.ai_verdict != "not_affected" and action.remediation_options_parsed %}
{% for opt in action.remediation_options_parsed %}
{{ opt.option_number }} {{ opt.title }} {% if opt.type == 'upgrade' %} {% if opt.fix_validated %} Validated {% else %} Unvalidated {% endif %} {% endif %}
{% if opt.type == 'upgrade' %} {% if opt.upgrade_command %}
{{ opt.upgrade_command }}
{% endif %} {% if opt.upgrade_type or opt.breaking_change_risk %}
Type: {{ opt.upgrade_type }} | Risk: {{ opt.breaking_change_risk }}
{% endif %} {% if opt.breaking_change_notes and opt.breaking_change_notes|lower not in ['', 'none expected'] %}
Breaking changes: {{ opt.breaking_change_notes }}
{% endif %} {% elif opt.type == 'workaround' %} {% if opt.workarounds %}
    {% for wa in opt.workarounds %}
  • {{ wa }}
    • {% endfor %}
{% endif %} {% if opt.workaround_urls %}
References: {% for url in opt.workaround_urls[:3] %} {{ url }}{% if not loop.last %}, {% endif %} {% endfor %}
{% endif %} {% elif opt.type == 'code_mitigation' %} {% if opt.affected_functions %}
Affected functions: {{ opt.affected_functions }}
{% endif %} {% if opt.patch_urls %}
Patches: {% for url in opt.patch_urls[:3] %} {{ url }}{% if not loop.last %}, {% endif %} {% endfor %}
{% endif %} {% endif %}
{% endfor %}
{% elif action.ai_verdict != "not_affected" and action.upgrade_instruction %}
{{ action.upgrade_instruction }}
{% endif %}
{% for r in action.resolves_parsed %}
{{ r.cve_id }} ({{ r.severity }}, {{ '%.1f' | format(r.cvss) }}) {% if r.description %}
{{ r.description }}
{% endif %}
{% endfor %}
{% if action.affected_functions %}
Affected functions: {{ action.affected_functions }}
{% endif %} {% if action.ai_analysis %}
AI Remediation Analysis
{% elif action.llm_guidance %}
AI Guidance
{% endif %} {% if action.agent_prompt %}
{% endif %}
{% endfor %}
{% endif %} {% endfor %} {% endif %} {% if suppressed_df %}

Suppressed (VEX: Not Affected)

{{ suppressed_df|length }}
{% for row in suppressed_df %} = 10 %} class="hidden-row"{% endif %}> {% endfor %}
CVEComponentVEX StateJustificationDetail
{{ row.finding_id }} {{ row.component_name }}{% if row.component_version %}@{{ row.component_version }}{% endif %} {{ row.vex_state }} {{ row.vex_justification }} {{ row.detail }}
{% if suppressed_df|length > 10 %} {% endif %}
{% endif %} {% if unresolvable_df %}

No Fix Available

{{ unresolvable_df|length }}
{% for row in unresolvable_df %} = 10 %} class="hidden-row"{% endif %}> {% endfor %}
ComponentVersionCVEsWorst BandMax CVSS
{{ row.component_name }} {{ row.component_version }} {{ row.cve_count }} {{ row.worst_band }} {{ '%.1f' | format(row.max_cvss) }}
{% if unresolvable_df|length > 10 %} {% endif %}
{% endif %} {% if project_agent_prompt %}

AI Agent: Project Remediation Prompt

{{ project_agent_prompt }}
{% endif %}
Generated by fs-report · {{ generated_at or '' }}

Copyright © 2026 Finite State, Inc.