Bastion Predictive Update Analysis Report - ${report.projectArtifactId}

Executive Summary

${report.analysisSummary}

${safeUpdates}

Safe Updates

${riskyUpdates}

Risky Updates

${resolvableCves}

CVEs Resolvable

${successRate}%

Success Rate

Recommendation Distribution

Detailed Breakdown

Category	Count	Percentage	Description
Safe Updates	${safeUpdates}	<#assign safePercent = (totalDependencies > 0)?then((safeUpdates / totalDependencies * 100), 0)> ${safePercent?string("0.0")}%	Dependencies with safe update paths available
Risky Updates	${riskyUpdates}	<#assign riskyPercent = (totalDependencies > 0)?then((riskyUpdates / totalDependencies * 100), 0)> ${riskyPercent?string("0.0")}%	Updates available but with increased risk
No Safe Updates	${noSafeUpdates}	<#assign noUpdatePercent = (totalDependencies > 0)?then((noSafeUpdates / totalDependencies * 100), 0)> ${noUpdatePercent?string("0.0")}%	No safe update path found
Total	${totalDependencies}	100%	All analyzed dependencies

Success Rate: ${successRate}% of dependencies have actionable update recommendations. <#if safeUpdates gt 0>
You can safely update ${safeUpdates} ${(safeUpdates == 1)?then('dependency', 'dependencies')} to improve security posture.

CVE Impact Analysis

Security Impact Details

${resolvableCves}

CVEs Resolvable

${potentialNewCves}

Potential New CVEs

Net CVE Reduction

Total security improvement

<#assign netReduction = resolvableCves - potentialNewCves>

<#if (netReduction > 0)>-${netReduction?abs}

CVEs

<#assign resolvedPercent = (resolvableCves + potentialNewCves > 0)?then((resolvableCves / (resolvableCves + potentialNewCves) * 100), 100)>

Security improvement ratio: ${resolvedPercent?string("0.0")}%

<#if report.recommendations?has_content>

CVE Severity Breakdown

<#assign criticalCount = 0> <#assign highCount = 0> <#assign mediumCount = 0> <#assign lowCount = 0> <#list report.recommendations as rec> <#if rec.currentVulnerabilities?has_content> <#list rec.currentVulnerabilities as vuln> <#if vuln.severity?? && vuln.severity == "CRITICAL"> <#assign criticalCount = criticalCount + 1> <#elseif vuln.severity?? && vuln.severity == "HIGH"> <#assign highCount = highCount + 1> <#elseif vuln.severity?? && vuln.severity == "MEDIUM"> <#assign mediumCount = mediumCount + 1> <#elseif vuln.severity?? && vuln.severity == "LOW"> <#assign lowCount = lowCount + 1>

Critical ${criticalCount}

<#assign total = criticalCount + highCount + mediumCount + lowCount> <#assign criticalPercent = (total > 0)?then((criticalCount / total * 100), 0)>

High ${highCount}

<#assign highPercent = (total > 0)?then((highCount / total * 100), 0)>

Medium ${mediumCount}

<#assign mediumPercent = (total > 0)?then((mediumCount / total * 100), 0)>

Low ${lowCount}

<#assign lowPercent = (total > 0)?then((lowCount / total * 100), 0)>

<#if report.topRecommendations?has_content>

Top Recommendations

<#list report.topRecommendations as rec>

${rec.dependencyNameShort}

${rec.currentVersion} ${rec.recommendedVersion!'N/A'}

CVE Impact

${rec.cvesResolved} resolved <#if rec.potentialNewCves gt 0> ${rec.potentialNewCves} new

Risk Level

${rec.riskLevel!'UNKNOWN'}

Confidence

${(rec.confidenceScore * 100)?string("0.0")}%

<#if rec.reason?has_content>

${rec.reason}

Detailed Analysis

Total Dependencies: ${totalDependencies}

Analysis Time: ${formatDuration(report.analysisTimeMs)}

<#if report.recommendations?has_content>

<#list report.recommendations as rec>

Current Status

Current Version: ${rec.currentVersion}
Dependency Type: ${rec.direct?string('Direct', 'Transitive')}
Current CVEs: ${rec.currentVulnerabilities?size}

Recommendation

Recommended Version: ${rec.recommendedVersion!'No safe update available'}
Risk Level: ${rec.riskLevel!'UNKNOWN'}
Confidence: ${(rec.confidenceScore * 100)?string("0.0")}%

<#if rec.reason?has_content>

${rec.reason}

<#if rec.currentVulnerabilities?has_content>

Current Vulnerabilities (${rec.currentVulnerabilities?size})

<#list rec.currentVulnerabilities as vuln>

CVE ID	Severity	CVSS Score	CWE	Description
<#if vuln.cveId?has_content> `${vuln.cveId}` <#else> `N/A`	${vuln.severity!'UNKNOWN'}	<#if vuln.cvssV3Score??> ${vuln.cvssV3Score?string("0.0")} <#elseif vuln.cvssV2Score??> ${vuln.cvssV2Score?string("0.0")} (v2) <#else> N/A	<#if vuln.cwe?has_content> ${vuln.cwe} <#else> -	${vuln.description!'No description available'} <#if vuln.references?has_content && vuln.references?size gt 0> <#list vuln.references as ref> <#if ref_index lt 2> Ref ${ref_index + 1} <#if vuln.references?size gt 2> +${vuln.references?size - 2} more

Security Status: ${rec.currentVulnerabilities?size} active ${(rec.currentVulnerabilities?size == 1)?then('vulnerability', 'vulnerabilities')}

<#if rec.recommendedVersion?has_content> Recommendation: Update to ${rec.recommendedVersion} to resolve ${rec.cvesResolved} CVE(s) <#else> No safe update available

<#if rec.versionAnalyses?has_content>

Version Analysis & Update Path (${rec.versionAnalyses?size} versions evaluated)

<#list rec.versionAnalyses as version>

<#if version.version == rec.recommendedVersion> <#elseif version.version == rec.currentVersion> <#else>


                                                                    ${version.version}

<#if version.version == rec.currentVersion> Current <#if version.version == rec.recommendedVersion> Recommended <#if version.preRelease> Pre-release <#if version.deprecated?? && version.deprecated> Deprecated

${version.cvesResolved} resolved

<#if version.potentialNewCves gt 0>

${version.potentialNewCves} new

<#if version.cvesResolved gt 0 || version.potentialNewCves gt 0>

<#assign netImpact = version.cvesResolved - version.potentialNewCves> Net: <#if netImpact gt 0>+${netImpact}

${version.riskLevel!'UNKNOWN'}

Risk Level

Confidence Score

${(version.confidenceScore * 100)?string("0.0")}%

<#if version.releaseDate??>

Released: ${version.releaseDate?string("yyyy-MM-dd")}

<#if version.notes?has_content>

${version.notes}

Update Path: ${rec.currentVersion} ${rec.recommendedVersion!'No safe update'}

Security Gain: <#if rec.cvesResolved gt 0> -${rec.cvesResolved} CVE${(rec.cvesResolved == 1)?then('', 's')} <#else> No change

<#else>

No dependencies analyzed

No vulnerable dependencies found to analyze for updates.

Generated by Bastion Maven Plugin - Enterprise Edition

Project: ${report.projectGroupId}:${report.projectArtifactId}:${report.projectVersion} | Analysis completed in ${formatDuration(report.analysisTimeMs)}

Bastion Predictive Update Analysis

${formattedTimestamp}

Executive Summary

${safeUpdates}

${riskyUpdates}

${resolvableCves}

${successRate}%

Recommendation Distribution

Detailed Breakdown

CVE Impact Analysis

Security Impact Details

Net CVE Reduction

<#if (netReduction > 0)>-${netReduction?abs}

CVE Severity Breakdown

Top Recommendations

Detailed Analysis

${rec.dependencyNameShort} ${(rec.recommendationType?string!'SAFE_UPDATE')?replace('_', ' ')} <#if rec.cvesResolved gt 0> ${rec.cvesResolved} CVEs resolved <#if rec.potentialNewCves gt 0> ${rec.potentialNewCves} potential new

Current Status

Recommendation

Current Vulnerabilities (${rec.currentVulnerabilities?size})

Version Analysis & Update Path (${rec.versionAnalyses?size} versions evaluated)

No dependencies analyzed