Skip to main content

Cloudflare Executive Report - CLI for multi-zone reporting and cache

Project description

โ˜๏ธ Cloudflare Executive Report

Turn Cloudflare analytics into executive-ready PDF reports with security scores, NIST mappings, and multi-zone portfolio views.

Security: Read-Only PyPI version Python 3.11+ License Coverage


๐ŸŽฏ Why this tool exists

Cloudflare dashboard data is great for daily ops, but executives need more:

Problem Solution
๐Ÿ“… Dashboard only shows recent data Historical windows beyond convenience
๐ŸŒ One zone at a time One report across many zones
๐Ÿ“„ Raw numbers, no narrative Reusable PDFs with risk scoring and actions
๐Ÿ” Too much detail Concise leadership summaries

Cloudflare Executive Report fills that gap with local caching and deterministic PDF generation.


โœจ What you get

Feature What it does for you
๐Ÿ’พ Historical cache Sync once, generate reports later - no re-querying
๐ŸŒ Multi-zone portfolio One page with score, grade, and risks across all zones
๐Ÿ“‹ Executive summary Verdict, KPIs, takeaways, and actions per zone
๐ŸŽฏ Security score 0-100 + grade, based on real risk takeaways
๐Ÿ” NIST mapping Compliance context for auditors
๐Ÿ“ง Email delivery Auto-send PDFs via SMTP after generation
๐ŸŽจ Brand colors Match your company's primary/accent colors

๐Ÿ“Š See it in action

Try the sample reports (generated from synthetic data):

Minimal Executive Detailed High Quality*
๐Ÿ“„ View PDF ๐Ÿ“Š View PDF ๐Ÿ”ฌ View PDF โœจ View PDF

*SVG/high quality = larger file size, sharper visuals for printing


๐Ÿš€ Quick start (30 seconds)

pip install cloudflare-executive-report
cf-report init
cf-report sync --last 30
cf-report report -o security-report.pdf

That's it. You just generated your first executive report.


๐ŸŽš๏ธ Report profiles (choose your depth)

Profile Cover Portfolio Zone summary Details Best for
minimal โœ… โœ… โŒ โŒ Quick status check
executive โœ… โœ… โœ… โŒ Leadership (default)
detailed โœ… โœ… โœ… โœ… Technical deep dive

๐Ÿ” API token setup

Create a read-only API token in Cloudflare Dashboard โ†’ Manage Account โ†’ Account API Tokens

Required permissions

Permission Required
Zone > Zone Read โœ… Yes
Zone > Analytics Read โœ… Yes
Zone > DNS Read โš ๏ธ Recommended
Zone > SSL and Certificates Read โš ๏ธ Recommended
Zone > Zone Settings Read โš ๏ธ Recommended
Zone > Firewall Services Read โš ๏ธ Recommended
Zone > WAF Read โš ๏ธ Recommended
Account > Access: Audit Logs Read โ„น๏ธ Nice-to-have
Account > Account Settings Read โ„น๏ธ Nice-to-have

โœ… Required = Tool won't work | โš ๏ธ Recommended = Full features | โ„น๏ธ Nice-to-have = Better validation

Quick validation

# Shows exactly which permissions you have
cf-report validate

Security notes

  • ๐Ÿ”’ Read-only only - The tool never needs write permissions
  • ๐Ÿ’พ All data stays local - Cached in ~/.cf-report/, no telemetry
  • ๐Ÿ“– Full security guide โ†’ - Step-by-step token creation, data storage details, and security checklist

๐Ÿ“ˆ How scoring works

Only risk takeaways affect your score. Everything else (win, action, comparison, observation) is informational.

Score = max(0, 100 - (total_risk_weight / 60) * 100)
Risk weight Score Grade Example
0 100 A+ No risks found
19 68 C+ SSL off (10) + WAF disabled (9)
26 57 C Three medium risks
60+ 0 F Critical security gaps

โฑ๏ธ Data retention (by Cloudflare plan)

Plan DNS Security HTTP
Free 7d 7d 30d
Pro 31d 7d 30d
Business 31d 31d 30d
Enterprise 62d 90d 30d

Days outside these windows = unavailable (cached, no API calls)


โš™๏ธ Quick config (~/.cf-report/config.yaml)

api_token: "cfat_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
cache_dir: "~/.cf-report/cache"
history_dir: "~/.cf-report/history"
log_level: "info"
exclude_types:
  - email

zones:
  - id: "abc123..."
    name: "example.com"

pdf:
  profile: "executive" # minimal | executive | detailed
  chart_format: "png" # png | svg
  map_format: "png" # png | svg
  colors:
    primary: "#2563eb" # your brand color
    accent: "#f38020"

email:
  enabled: true
  smtp_host: "smtp.example.com"
  recipients:
    - "security@example.com"

ai-summary:
  enabled: true
  model: "openrouter/google/gemma-2-9b-it:free"

๐Ÿ› ๏ธ CLI cheat sheet

# Sync data
cf-report sync --last 30                    # Last 30 days
cf-report sync --zone example.com --last 7  # Single zone

# Generate report
cf-report report -o report.pdf              # Basic PDF
cf-report report -o report.pdf --email      # PDF + email
cf-report report -o report.pdf --profile minimal  # Override PDF profile
cf-report report --exclude-types email,cache # Exclude specific streams
cf-report report --skip-zone-health         # Skip health checks

# Manage zones
cf-report zones list
cf-report zones add --id abc123 --name example.com

# Clean cache
cf-report clean --older-than 90

# Generate report with AI summary and send it by email
cf-report report -o report.pdf --email --ai-summary

๐Ÿ“š Documentation

Guide What it covers
User guide Full CLI reference and config
AI Summary: Powered by LLMs (Optional) AI summary and email generation
Dashboard verification Compare report vs Cloudflare UI
Reliability metrics Understanding approximations
Developer docs Architecture and internals

โ“ Common questions

How accurate are the metrics? Trend-oriented approximations. Use for executive posture guidance, not packet-level forensics.

Can I run this in CI/CD? Yes - works headless. Set CF_REPORT_API_TOKEN (preferred) and pass --config to a non-secret config file.

What if I have 100+ zones? Works fine. Sync may take a while initially, but caching helps.


๐Ÿ“ฆ Links


๐Ÿ“„ License

MIT - go wild. See LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cloudflare_executive_report-1.0.2.tar.gz (1.8 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cloudflare_executive_report-1.0.2-py3-none-any.whl (204.7 kB view details)

Uploaded Python 3

File details

Details for the file cloudflare_executive_report-1.0.2.tar.gz.

File metadata

File hashes

Hashes for cloudflare_executive_report-1.0.2.tar.gz
Algorithm Hash digest
SHA256 d445f6b722d49227a80d4445248f4e51ca1e92327a24d6b9c0f9f7b5b45c42eb
MD5 2ce36b367865b3f0bfd8fc467de1e084
BLAKE2b-256 60667e956b4b3644074c0e92771a5df1d7ae0c2dfe042dfa4834a1b852e832f9

See more details on using hashes here.

Provenance

The following attestation bundles were made for cloudflare_executive_report-1.0.2.tar.gz:

Publisher: publish.yml on vhsantos/cloudflare-executive-report

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cloudflare_executive_report-1.0.2-py3-none-any.whl.

File metadata

File hashes

Hashes for cloudflare_executive_report-1.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 5e192baa778eb0f7ee4b35354ca1aaff308c3661db488d7597c31e0bdb6144f9
MD5 5ee6039bb50402eba08de587a6a7ed4b
BLAKE2b-256 1e17f5ab91d40f5b095819071b6a9b4ef474742e8bd0ac1a605d1d62fea9d133

See more details on using hashes here.

Provenance

The following attestation bundles were made for cloudflare_executive_report-1.0.2-py3-none-any.whl:

Publisher: publish.yml on vhsantos/cloudflare-executive-report

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page