Reporter
The Kovar reporter is a Playwright reporter that aggregates all security findings from tests using the security fixture and prints a score card.
Add the reporter to your Playwright config:
```ts
import { defineConfig } from "@playwright/test";

export default defineConfig({
  reporter: [["list"], ["@orlalabs/kovar/reporter"]],
});
```

Score Card Output
After each test run, the reporter prints a summary:
```
+----- Kovar Security Summary --------------------------+
|                                                        |
|  Score: 60/100                                         |
|                                                        |
|  x 2 critical                                          |
|  x 1 high                                              |
|  ! 3 medium                                            |
|                                                        |
|  4 test(s) with security findings                      |
|                                                        |
+--------------------------------------------------------+
```

Scoring
The score starts at 100 and is reduced based on finding severity:
| Severity | Score Penalty |
|---|---|
| Critical | -20 per finding |
| High | -10 per finding |
| Medium | -5 per finding |
| Low | -2 per finding |
Info-level findings do not affect the score.
How It Works
The reporter collects findings from:
- Tests that use the security fixture (.assert() or .check() calls).
- Tests that run a full audit via security.audit().
All findings are automatically attached as JSON to the Playwright test report. The Kovar reporter reads these attachments and aggregates them across the entire test suite.
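
A sketch of the aggregation described above, as an added example rather than Kovar's own reporter code: it reads JSON attachments from Playwright-style test results and applies the penalty table from the Scoring section. The attachment name `kovar-findings`, the `{ severity }` finding shape, the floor at 0 and the `unreadable` counter are assumptions.

```javascript
// Added example, not Kovar's own code. ATTACHMENT_NAME and the { severity }
// finding shape are assumptions; the penalties come from the Scoring table.
const PENALTY = { critical: 20, high: 10, medium: 5, low: 2, info: 0 };
const ATTACHMENT_NAME = "kovar-findings"; // hypothetical attachment name

// Extract findings from one test result. Unparseable attachments are counted,
// not silently dropped, so a broken attachment cannot hide findings.
function readFindings(result) {
  const findings = [];
  let unreadable = 0;
  for (const att of result.attachments ?? []) {
    if (att.name !== ATTACHMENT_NAME || att.body === undefined) continue;
    try {
      const parsed = JSON.parse(att.body.toString("utf8"));
      if (!Array.isArray(parsed)) throw new TypeError("expected an array");
      const batch = [];
      for (const f of parsed) {
        if (!f || !Object.hasOwn(PENALTY, f.severity)) throw new TypeError("bad severity");
        batch.push(f);
      }
      findings.push(...batch); // accept the attachment only if every entry is valid
    } catch {
      unreadable += 1;
    }
  }
  return { findings, unreadable };
}

// Aggregate across the suite: start at 100, subtract the penalty per finding.
// Flooring at 0 is an assumption; the page does not say what happens below zero.
function summarize(results) {
  const counts = { critical: 0, high: 0, medium: 0, low: 0, info: 0 };
  let score = 100, testsWithFindings = 0, unreadable = 0;
  for (const result of results) {
    const r = readFindings(result);
    unreadable += r.unreadable;
    if (r.findings.length > 0) testsWithFindings += 1;
    for (const f of r.findings) {
      counts[f.severity] += 1;
      score -= PENALTY[f.severity];
    }
  }
  return { score: Math.max(0, score), counts, testsWithFindings, unreadable };
}

// Constructed sample input (not real Kovar output).
const json = (v) => ({ name: ATTACHMENT_NAME, contentType: "application/json", body: Buffer.from(JSON.stringify(v)) });
const sampleResults = [
  { attachments: [json([{ severity: "critical" }, { severity: "medium" }])] },
  { attachments: [json([{ severity: "high" }, { severity: "info" }])] },
  { attachments: [{ name: "screenshot", contentType: "image/png", body: Buffer.alloc(4) }] },
  { attachments: [{ name: ATTACHMENT_NAME, contentType: "application/json", body: Buffer.from("{truncated") }] },
];
console.log(summarize(sampleResults));
```

A CI gate built on a summary like this should treat a non-zero `unreadable` count as a failure, since a score computed from partial data overstates the result.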
Related
- Security Fixture — the fixture that generates findings for the reporter.
- Full Audit — run all checks and feed results to the reporter.
- GitHub Action — run the reporter in CI.
- Baseline Tracking — track score changes over time.