Producing reports

The container scanner can directly generate a few reports: these parameters are used to select which reports should be generated and, in some cases, what they should contain.

It is important to note that the container scanner runs in a Docker container and mounts the current folder of the host machine into it, so every generated report is stored in the current folder. You only need to specify the desired filename of the chosen report, not a path. Should you wish to map a different folder, you can do so by manually editing the docker-scan.sh script.

--report-json Produces a JSON report file of the analysis (machine-readable) Example: --report-json=report.json

--report-pdf Produces a PDF report file of the analysis (human-readable) Example: --report-pdf=report.pdf

--report-junit Produces a JUnit XML report file of the analysis (machine-readable) Example: --report-junit=report.xml

--report-console Emits an analysis report on the console. A comma-separated list of options should be specified:

  • color: enables colored output

  • nocolor: disables colors and enhanced formatting (used on CI with bare-bone consoles)

  • security: shows the security section

  • stability: shows the stability section

  • licensing: shows the licensing section

Default: color if supported, all sections included. Example: --report-console=nocolor,security,licensing

--report-sbom Produces an SBOM report; the format is selected by the extension of the file:

  • .json - a standard licensing bible report, JSON format

  • .pdf - a standard licensing bible report, PDF format

  • .csv - a standard SBOM Meterian report, CSV format

  • .cdx.xml - a standard CycloneDX SBOM report, XML format

  • .cdx.json - a standard CycloneDX SBOM report, JSON format

--report-tree Produces a dependency tree, optionally written to a file in either JSON or TEXT format Example: --report-tree=tree.txt
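A small helper for CI use that enforces the two constraints stated above (report names must be bare filenames, since only the current folder is mounted, and the SBOM format follows the file extension) before assembling the docker-scan.sh arguments. This is an added example, not part of Meterian's scanner or this page; the function names and the format labels they return are assumptions.

```shell
#!/bin/sh
# Added example, not Meterian's own code: validate report filenames and build
# the argument list for docker-scan.sh from the options documented above.

# Reject anything that is not a bare filename: the container only sees the
# mounted current folder, so a path component would point outside it.
is_bare_filename() {
  case "$1" in
    ''|*/*|*\\*|.|..) return 1 ;;
    *) return 0 ;;
  esac
}

# Map an SBOM filename to its format, per the extension list above. The
# two-part CycloneDX extensions are matched first so that "x.cdx.json"
# is not mistaken for a plain ".json" licensing bible report.
sbom_format() {
  case "$1" in
    *.cdx.xml)  echo "cyclonedx-xml" ;;
    *.cdx.json) echo "cyclonedx-json" ;;
    *.json)     echo "licensing-bible-json" ;;
    *.pdf)      echo "licensing-bible-pdf" ;;
    *.csv)      echo "meterian-csv" ;;
    *)          return 1 ;;
  esac
}

# Assemble the flags: JSON and JUnit for machine consumption, an SBOM, and a
# console report with colors disabled because CI consoles are usually bare-bone.
build_scan_args() {
  json="$1"; junit="$2"; sbom="$3"
  for f in "$json" "$junit" "$sbom"; do
    is_bare_filename "$f" || { echo "not a bare filename: $f" >&2; return 1; }
  done
  sbom_format "$sbom" >/dev/null || { echo "unsupported SBOM extension: $sbom" >&2; return 1; }
  printf '%s' "--report-json=$json --report-junit=$junit --report-sbom=$sbom --report-console=nocolor,security,stability,licensing"
}

# Usage (hypothetical pipeline step):
#   ./docker-scan.sh $(build_scan_args report.json report.xml sbom.cdx.json)
```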
