adding example prompts folder and 1 example to mcp-contrast #22
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| # Vulnerability Report Generation Prompt for Contrast MCP | ||
|
|
||
| ## Objective | ||
| Generate a comprehensive, role-based security vulnerability report with interactive HTML interface that provides tailored views for different stakeholders (Developer, Manager, CISO, Business Person). | ||
|
|
||
| ## Instructions | ||
|
|
||
| Please create an interactive HTML vulnerability report with the following specifications: | ||
|
|
||
| ### 1. **Data Collection** | ||
| - Use `mcp_contrastmcp_list_all_applications` to find available applications | ||
| - Select the most relevant application for analysis (or ask user to specify) | ||
| - Use `mcp_contrastmcp_list_vulnerabilities` to get all vulnerabilities for the chosen application | ||
| - Use `mcp_contrastmcp_get_vulnerability` to get detailed information for Critical and High severity issues | ||
| - Use `mcp_contrastmcp_get_ADR_Protect_Rules` to understand available protection capabilities | ||
|
|
||
| ### 2. **Report Structure** | ||
| Create an HTML file with these four distinct role-based views: | ||
|
|
||
| #### **👨💻 Developer View** | ||
| - Technical vulnerability details with exact code locations | ||
| - Stack traces and vulnerable code examples | ||
| - Specific remediation code examples (vulnerable vs. secure) | ||
| - Time estimates for fixes | ||
| - Priority rankings for development planning | ||
|
|
||
| #### **📊 Manager View** | ||
| - Visual dashboards with Chart.js charts showing: | ||
| - Vulnerability severity distribution (pie/doughnut chart) | ||
| - Fix time estimates (bar chart) | ||
| - Risk reduction over time (line chart) | ||
| - Security posture radar chart | ||
| - Project metrics (team size, sprint allocation, technical debt) | ||
| - Two-phase approach (immediate ADR protection + code fixes) | ||
|
|
||
| #### **🔒 CISO View** | ||
| - Enterprise risk assessment with CVSS scores | ||
| - Compliance impact analysis (PCI DSS, GDPR, etc.) | ||
| - Financial risk projections | ||
| - Current ADR rule status and recommendations | ||
| - Board-level executive summary | ||
| - Threat landscape and attack vector visualizations | ||
|
|
||
| #### **💼 Business Person View** | ||
| - Simple, non-technical explanations using analogies | ||
| - Timeline of potential attack scenarios | ||
| - Financial impact breakdown (direct and indirect costs) | ||
| - Probability assessments in plain language | ||
| - Cost-benefit analysis comparing protection options | ||
| - Emphasis on Contrast ADR as immediate protection solution | ||
|
|
||
| ### 3. **Key Features to Include** | ||
|
|
||
| #### **Interactive Elements** | ||
| - Role selector buttons at the top | ||
| - Smooth transitions between views | ||
| - Charts that initialize properly without infinite scrolling | ||
| - Responsive design for different screen sizes | ||
|
|
||
| #### **Contrast ADR Focus** | ||
| - Emphasize ADR as immediate protection strategy | ||
| - Show current rule status (monitoring vs. blocking) | ||
| - 5-minute activation timeline | ||
| - Business continuity benefits | ||
| - Cost comparison: ADR protection vs. emergency shutdown vs. doing nothing | ||
|
|
||
| #### **Visual Design** | ||
| - Modern gradient backgrounds and card layouts | ||
| - Color-coded severity indicators (Critical=red, High=orange, Medium=yellow, etc.) | ||
| - Professional styling with hover effects | ||
| - Chart containers with fixed dimensions to prevent scrolling issues | ||
|
|
||
| ### 4. **Technical Implementation Details** | ||
|
|
||
| #### **Chart.js Configuration** | ||
| ```javascript | ||
|
There was a problem hiding this comment. I think this line is misplaced. This isn't javascript code. |
||
| - Use initialization flags to prevent multiple chart creation | ||
| - Add setTimeout delays for DOM readiness | ||
| - Set fixed container heights and max-widths | ||
| - Include maintainAspectRatio: false for proper sizing | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would not specify the tools to use directly. The agent will use the appropriate tools. We are about to add a better tool to get all the critical and high vulnerabilities in one call. WIth this prompt though, it would keep calling the old inefficient tool because it says to.