CascadeGuard “Test Us” — PDF Report Brief

Purpose

A branded, stakeholder-ready document that a prospect downloads after scanning their container image. It serves two roles:

  1. Technical report — actionable vulnerability and Dockerfile analysis findings
  2. Internal sales deck — arms the champion to justify CascadeGuard to their team/leadership

The PDF must work equally well presented on a screen in a meeting or printed and handed to a VP of Engineering.


Document Structure (8–10 pages)

Page 1: Cover

  • CascadeGuard logo + tagline (“Secure containers, shipped fast”)
  • Report title: “Container Security Assessment”
  • Scanned image/project identifier (e.g., base image name, or “Your Dockerfile”)
  • Date generated
  • “Confidential — prepared for [Company Name or ‘your team’]”

Page 2: Executive Summary (the “one-pager”)

  • Overall risk level — large, color-coded badge (Critical / High / Medium / Low / Clean)
  • Key numbers in a dashboard strip:
    • Total vulnerabilities found
    • Critical + High count (highlighted)
    • Known-exploited count (CISA KEV — call this out with a warning icon)
    • Fixable vulnerabilities (% that have a known fix)
    • Total packages scanned
  • One-paragraph narrative: “We scanned [image] and found X critical vulnerabilities, Y of which are known to be actively exploited. Z% of findings have available fixes. The most urgent action is upgrading [package] to address [CVE].”
  • Top 3 recommended actions (numbered, specific)

Page 3: Vulnerability Breakdown

  • Severity distribution chart — horizontal stacked bar or donut chart (critical/high/medium/low)
  • Ecosystem breakdown — table showing vuln counts by source (OS packages vs npm vs pip, etc.)
  • Fixability summary — “31 of 49 vulnerabilities have a known fix available”
  • CISA KEV callout box — if any vulns are on the Known Exploited Vulnerabilities list, highlight them here with an “Actively Exploited” banner

Pages 4–5: Critical & High Findings (Detail Table)

  • Table columns: Severity | CVE ID | Package | Installed Version | Fixed Version | Exploit Known | Description (truncated)
  • Only Critical and High severity shown in the main table (keeps it focused for executives)
  • Footnote: “Full vulnerability list including Medium/Low findings available in the online report”
  • Each CVE ID is a clickable link (in digital PDF) to NVD

Page 6: Dockerfile Analysis

  • Best-practice scorecard — list of rules checked with pass/fail icons
  • Top recommendations with line references
  • Base image freshness

Page 7: Software Bill of Materials (SBOM) Summary

  • Total component count
  • Breakdown by ecosystem
  • License summary — flag any copyleft licenses (GPL) prominently
  • Note: “Full SBOM available for download in CycloneDX and SPDX formats”

Page 8: Remediation Roadmap

  • Priority matrix — 2x2 grid: Severity vs. Effort to fix
  • Estimated remediation effort
  • What continuous monitoring adds

Page 9: Why CascadeGuard

  • Before vs. After comparison
  • Key differentiators (3-4 bullets)
  • Customer proof point (placeholder)
  • Pricing CTA

Page 10: Next Steps + Contact

  • QR code linking to the online report
  • Schedule a demo / Start free trial links
  • Contact info

Design Guidelines

  • Color palette: CascadeGuard brand colors. Critical = red (#DC2626), High = orange (#EA580C), Medium = amber/yellow (#D97706), Low = blue (#2563EB), Clean = green (#16A34A)
  • Typography: Clean sans-serif (Inter, IBM Plex Sans, or similar). Headlines 18-24pt, body 10-12pt
  • Charts: Minimal, data-dense. No 3D effects. Flat, modern style
  • Layout: Generous whitespace. One key message per page. Executives skim — put the conclusion first, details after
  • Branding: Logo on every page (header or footer). Subtle, not overwhelming. The prospect’s data is the hero
  • Footer on every page: “Generated by CascadeGuard on [date] | Report expires [date+7d] | cascadeguard.com”

Data Mapping

Every field in this brief maps directly to the Scan Results YAML Schema (v1) defined in the PRD. No additional data collection needed.

Brief Section                  | YAML Source
Cover — image name             | base_images[0].reference
Executive Summary — risk level | summary.risk_level
Vuln counts                    | summary.vulnerability_counts.*
Exploited count                | summary.exploit_known_count
Vuln detail table              | vulnerabilities[]
Dockerfile scorecard           | dockerfile_analysis.issues[]
SBOM summary                   | sbom.component_count, sbom.license_summary
Data freshness                 | data_freshness.*
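
The Page 2 numbers come from the summary block while the Pages 4–5 table comes from vulnerabilities[], so a renderer should confirm the two agree before printing either. The sketch below is an added example, not CascadeGuard code: it runs that check and fills the Executive Summary narrative. The keys inside each vulnerabilities[] entry, the exploited-first ordering, the clean-scan wording, and the sample data are all assumptions.

```python
# Added example, not CascadeGuard code. Top-level paths follow the Data Mapping
# table; keys inside each vulnerabilities[] entry and the sample data are assumed.
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def summary_mismatches(scan):
    """List disagreements between the summary block and vulnerabilities[]."""
    vulns, summary = scan["vulnerabilities"], scan["summary"]
    problems = []
    for sev in RANK:
        actual = sum(v["severity"] == sev for v in vulns)
        stated = summary["vulnerability_counts"].get(sev, 0)
        if actual != stated:
            problems.append(f"{sev}: summary={stated} detail={actual}")
    exploited = sum(bool(v.get("exploit_known")) for v in vulns)
    stated_kev = summary["exploit_known_count"]
    if exploited != stated_kev:
        problems.append(f"exploit_known: summary={stated_kev} detail={exploited}")
    return problems

def narrative(scan):
    """Fill the Page 2 paragraph; handles clean scans and unfixable findings."""
    vulns = scan["vulnerabilities"]
    image = scan["base_images"][0]["reference"]
    if not vulns:  # avoids dividing by zero; wording is assumed
        return f"We scanned {image} and found no known vulnerabilities."
    critical = [v for v in vulns if v["severity"] == "critical"]
    crit_kev = sum(bool(v.get("exploit_known")) for v in critical)
    fixable = [v for v in vulns if v.get("fixed_version")]
    pct = round(100 * len(fixable) / len(vulns))
    text = (f"We scanned {image} and found {len(critical)} critical vulnerabilities, "
            f"{crit_kev} of which are known to be actively exploited. "
            f"{pct}% of findings have available fixes.")
    if fixable:  # only recommend an upgrade that exists: exploited first, then severity
        top = min(fixable, key=lambda v: (not v.get("exploit_known"), RANK[v["severity"]]))
        text += (f" The most urgent action is upgrading {top['package']} "
                 f"to address {top['cve_id']}.")
    return text

SAMPLE = {  # constructed scan result; CVE ids and package names are placeholders
    "base_images": [{"reference": "example/app:1.0"}],
    "summary": {"exploit_known_count": 1,
                "vulnerability_counts": {"critical": 2, "high": 1, "medium": 0, "low": 1}},
    "vulnerabilities": [
        {"cve_id": "CVE-0000-0001", "package": "libalpha", "severity": "critical", "fixed_version": None, "exploit_known": False},
        {"cve_id": "CVE-0000-0002", "package": "libbeta", "severity": "high", "fixed_version": "2.4.1", "exploit_known": True},
        {"cve_id": "CVE-0000-0003", "package": "libgamma", "severity": "critical", "fixed_version": "1.9.0", "exploit_known": False},
        {"cve_id": "CVE-0000-0004", "package": "libdelta", "severity": "low", "fixed_version": "0.3.2", "exploit_known": False},
    ],
}
```

A non-empty result from summary_mismatches should block PDF generation, since a dashboard figure that disagrees with the detail table undermines the report in front of the audience it is meant to persuade.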