Vulnerability Report: {title}
Source: `vulnerability-report.md`
# Vulnerability Report: {title}
> **Audit ID:** SEC-{NNN}
> **Status:** Analyzing
> **Date:** {date}
> **Author:** Vulnerability Scanner
## Findings Summary
<!-- sniper:managed:findings-summary:start -->
| Severity | Count |
|----------|-------|
| Critical | |
| High | |
| Medium | |
| Low | |
| **Total** | |
<!-- sniper:managed:findings-summary:end -->
## Vulnerability Inventory
<!-- sniper:managed:vulnerabilities:start -->
### VULN-001: {title}
- **Severity:** Critical / High / Medium / Low
- **Category:** {OWASP Top 10 category, e.g., A01:2021 Broken Access Control}
- **Location:** `path/to/file.ts:42`
- **Description:** {what the vulnerability is}
- **Evidence:** {the specific code pattern that creates the vulnerability}
- **Impact:** {what an attacker could achieve by exploiting this}
- **Remediation:** {how to fix it}
  ```
  // Example fix
  ```
<!-- sniper:managed:vulnerabilities:end -->
## Patterns of Concern
<!-- sniper:managed:patterns:start -->
<!-- Systemic issues that appear across multiple locations -->
### {Pattern Name}
- **Occurrences:** {count} locations
- **Description:** {what the pattern is and why it's concerning}
- **Locations:** {list of file:line references}
- **Systemic Fix:** {how to address this across the codebase}
<!-- sniper:managed:patterns:end -->
## Positive Findings
<!-- sniper:managed:positive:start -->
<!-- Security practices that are done well and should be maintained -->
- {Positive finding — e.g., "Consistent use of parameterized queries in `src/db/` layer"}
<!-- sniper:managed:positive:end -->