feat: implement multi-format report generation #10
Description
Description
Implement a comprehensive report generation system that produces output in multiple formats tailored to different audiences: executive summaries for leadership, detailed technical reports for security teams, machine-readable output for automation, and compliance reports for auditors.
Tasks
- PDF executive summary (for management/board):
- Overall quantum risk score with trend indicator
- Key findings and top-priority risks
- High-level migration timeline and budget estimate
- Visual risk heat map
- Detailed technical report (for security teams):
- Per-component vulnerability assessment with full details
- Attack path analysis with diagrams
- Specific remediation steps with code/config examples
- Shor and Grover analysis details
- JSON/YAML machine-readable output:
- Structured assessment results for pipeline integration
- Stable schema with versioning for downstream consumers
- Support for diff between assessments (track progress)
- Compliance report:
- Mapping to NIST SP 800-131A Rev 2
- CNSA 2.0 compliance status
- Gap analysis with specific non-compliant items
- Risk register export (CSV for GRC tools):
- Standard risk register format
- Compatible with common GRC platforms
- Architecture diagram with vulnerability overlay:
- Color-coded components (red/yellow/green by quantum risk)
- Annotated data flows showing vulnerable paths
- Before/after migration comparison view
References
- Depends on: assessment engine (feat: implement quantum vulnerability assessment engine #4), timeline estimator (feat: add quantum threat timeline estimator #7), mitigation recommendations (feat: generate mitigation recommendations #8)
- ReportLab or WeasyPrint for PDF generation
- Mermaid or Graphviz for diagram generation