Summary

  • Add PDF exporter implementing the Exporter interface for professional vulnerability scan reports
  • Generate reports with severity summary, color-coded findings table, and detailed findings sections
  • Include comprehensive unit tests with thread-safety and race detection coverage

Changes

  • New: pkg/reporting/exporters/pdf/pdf.go - PDF exporter implementation
  • New: pkg/reporting/exporters/pdf/pdf_test.go - 7 unit tests (all passing)
  • Modified: pkg/reporting/options.go - Added PDFExporter field
  • Modified: pkg/reporting/reporting.go - Registered PDF exporter
  • Modified: go.mod/go.sum - Added github.com/phpdave11/gofpdf dependency (actively maintained fork)

PDF Report Features

  • Header with “Nuclei Vulnerability Scan Report” + timestamp + version
  • Severity summary counts (critical/high/medium/low/info) with color coding
  • Findings overview table (properly sized for A4 margins)
  • Detailed findings section with descriptions
  • Page footer with page numbers on all pages
  • UTF-8 safe string truncation
  • Handles empty results with “No findings detected” message

Usage

Add to your nuclei config file:

pdf:
  file: "report.pdf"

Testing

go test -v ./pkg/reporting/exporters/pdf/ # All 7 tests pass
go test -race ./pkg/reporting/exporters/pdf/ # No race conditions
make build # Builds successfully

CodeRabbit Review Fixes Applied

  • ✅ Replaced archived jung-kurt/gofpdf with actively maintained phpdave11/gofpdf
  • ✅ Removed deprecated jung-kurt/gofpdf from go.mod entirely
  • ✅ Moved SetFooterFunc before AddPage() so footer appears on all pages
  • ✅ Fixed table column widths (180mm total) to fit A4 page margins
  • ✅ Changed to rune-based string truncation for proper UTF-8 handling

/claim #2063

Summary by CodeRabbit

  • New Features
    • Added PDF export for scan results with severity summaries, findings table, detailed findings, timestamps, version info, and automatic page numbering; shows a friendly message when no findings exist.
  • Tests
    • Added unit tests covering creation, exporting (including concurrency and nil events), file generation, empty output, and idempotent close.
  • Chores
    • Updated top-level ignores.
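
The "rune-based string truncation" fix listed above, shown as an added Go example that is not the PR's own code. The function names, the "..." suffix and the sample finding name are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"unicode/utf8"
)

// truncateBytes (hypothetical "before") cuts at a byte offset. With multi-byte
// input it can split a character and leave invalid UTF-8 in the table cell.
func truncateBytes(s string, max int) string {
	if len(s) <= max {
		return s
	}
	if max <= 3 {
		return s[:max]
	}
	return s[:max-3] + "..."
}

// truncateRunes (hypothetical "after") cuts on rune boundaries, so valid input
// always yields valid UTF-8 of at most max characters.
func truncateRunes(s string, max int) string {
	if max <= 0 {
		return ""
	}
	r := []rune(s)
	if len(r) <= max {
		return s
	}
	if max <= 3 {
		return string(r[:max])
	}
	return string(r[:max-3]) + "..."
}

func main() {
	// Constructed finding name containing 2-byte Cyrillic characters.
	name := "Уязвимость SQL-инъекции в /login"
	b, r := truncateBytes(name, 12), truncateRunes(name, 12)
	fmt.Printf("bytes: valid=%v %q\n", utf8.ValidString(b), b)
	fmt.Printf("runes: valid=%v %q\n", utf8.ValidString(r), r)
}
```
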

Claim

Total prize pool $25
Total paid $0
Status Pending
Submitted February 02, 2026
Last updated February 02, 2026

Contributors

Rishi Vhavle

@kaizen403

100%

Sponsors

ProjectDiscovery

@projectdiscovery

$25