A reporting pipeline that collects Meraki org data, generates network health and security recommendations, optionally enriches them with a local LLM review, and renders HTML/PDF reports.
| Script | Role |
|---|---|
meraki_backup.py |
Pulls Meraki API data into per-org backup directories |
merge_recommendations.py |
Combines per-org recommendation files |
ollama_review.py |
Optional local LLM review stage |
python -m reporting |
Direct report generation from existing backup data |
report_generator.py |
Compatibility wrapper for report generation |
run.sh |
Full pipeline orchestrator |
legacy/ |
Original MX baseline scripts (reference only) |
docs/cis-meraki-reference.md |
CIS Controls to Meraki reference mapping |
docs/reporting/ |
Report-writing guide and .docx template references |
docs/repository-audit.md |
Historical cleanup audit snapshot |
This project started from Meraki security baseline work and is now a broader
Meraki reporting pipeline. The historical upstream branch
iramku/Meraki-Security-Benchmark:Meraki-Security-Audit
is kept as a reference for MX baseline and CIS mapping ideas, but this repository
has diverged substantially and should not merge that branch wholesale.
- Run the installer:
./install.sh- Set
MERAKI_API_KEYin.env. - Run the full pipeline:
./run.shCheck the local environment without running the pipeline:
./run.sh --health-check
./run.sh --report-only --health-checkGenerate a demo report from sanitized fixtures without Meraki API access:
./run.sh --demo-report --no-openOptional — specify a local Ollama model for AI-enhanced recommendations:
./run.sh --model gemma4:e2bThe default Ollama model is gemma4:e2b, chosen for lower RAM usage. Pull it
before enabling AI review:
ollama pull gemma4:e2bAll output is written to backups/<org>/ (gitignored):
recommendations.md— per-org findings and recommendationsSITE_NAME_Complete_Report_YYYY-MM-DD.html/.pdf— named full report for sharingSITE_NAME_Executive_Summary_Report_YYYY-MM-DD.html/.pdf— named executive summarySITE_NAME_Backup_Settings_Report_YYYY-MM-DD.html/.pdf— named backup settings reportreport.html/report.pdf— compatibility aliases for older scriptsbackups/master_recommendations.md— combined across all orgsbackups/recommendations_ai_enhanced.md— LLM-reviewed version
To enable the Hardware Cost & Refresh Plan section, create a pricing.json at the repo root
or within a specific org backup directory. See pricing.json.example for the expected shape.
Set unit_cost and optional replacement_cycle_years per model.
Install dependencies:
./install.sh- Python 3.10+
- WeasyPrint (PDF rendering)
wkhtmltopdf(optional PDF fallback)- Ollama with
gemma4:e2bpulled locally (optional LLM review)
For local iteration without live Meraki access, use the committed fixture set in
tests/fixtures/.
Generate a report directly from fixture data:
python3 - <<'PY'
from reporting.app import build_org_report
from reporting.html_shell import build_html
body = build_org_report("tests/fixtures", "Fixture Org")
print(build_html("Fixture Org — Network Health Report", body)[:400])
PYRun the script entrypoint against existing backups:
python3 -m reporting
python3 -m reporting --source-dir tests/fixtures --org-name "Fixture Demo Org" --output-dir backups/.demo/Fixture_Demo_Org
./run.sh --report-only --no-ai-review --no-openRun tests:
pytest -qSee docs/project-shape.md for the current file layout and cleanup rules. In
short, run.sh remains the main user entrypoint, active reporting code lives in
reporting/, root Python scripts are compatibility or pipeline stage
entrypoints, and legacy/ is retained only as historical reference.
The upstream baseline project includes GPL-3.0 licensed components. Review licensing obligations before redistributing a packaged release.