Skip to main content

Reporting & Exports

Once an analysis run completes, nori provides powerful export mechanisms designed for two distinct audiences: engineering leadership and compliance auditors.

1. LLM Summary Export (Executive Briefing)

If GenerateSummaries is enabled in your configuration, the final summarization step will produce a high-level executive briefing.

This export is designed for CTOs and Engineering Managers. It distils the massive amount of raw control data into:

  • Key Policy Insights: A narrative summary of the overarching compliance posture.
  • Critical Risk Vectors: A prioritized list of the most severe failures found across the codebase.
  • Remediation Roadmap: High-level strategic advice on how to bring the codebase into compliance.

This summary can be exported as a standalone Markdown or PDF document, perfect for sharing in management meetings without overwhelming non-technical stakeholders with line-level code analysis.

2. General Export (Auditor Deep-Dive)

For internal compliance teams or external BSI auditors, the General Export provides the irrefutable proof required to certify a system.

Available as a highly structured PDF or interactive HTML report, the General Export contains:

  • Full Control Matrix: A comprehensive breakdown of every single control ID (e.g., O.Auth_1), its status, and its resulting score.
  • Line-Level Evidence: For every failure or warning, the report explicitly cites the offending file path and the exact line numbers (e.g., src/auth/token.ts:L45-L60).
  • Sub-Agent Rationale: A transparent log of exactly why the sub-agent decided to fail or pass a control, providing the necessary audit trail to prove that the evaluation was rigorous and accurate.
  • Attached Proof: Links and references to any external manual evidence you provided for non-code controls.

3. Regulatory Compliance Report (Per-Control Dossier)

For transmission to external BSI auditors or regulatory evaluators, nori can generate a comprehensive, per-control compliance dossier. Unlike standard failure-focused exports, this report covers all controls in the target standard.

Features

  • Zero LLM Token Cost: The dossier is compiled deterministically from local execution logs, findings, and metadata. It runs entirely locally on your workstation with zero API calls.
  • Granular Evaluation Documentation: For every control, the report outlines the target file scopes examined, lists the concrete compliance objectives assessed, explains the verdict, and logs the outcomes.
  • Evidence Dossier: Contains complete inline code snippets and links to attached evidence documents for every control.
  • Privacy Hardened: To satisfy security requirements, nori automatically strips absolute path prefixes (e.g. C:\Users\username\Projects\...) from all file references, ensuring machine names, local folder layouts, and internal repositories are never leaked to external auditors.