Producing reports
Parameters used to produce reports
The client can generate a few reports directly: these parameters select which reports are generated and, in some cases, what they contain.
--report-json
Produces a JSON report file of the analysis (machine-readable)
Example: --report-json=~/report.json
--report-pdf
Produces a PDF report file of the analysis (human-readable)
Example: --report-pdf=~/report.pdf
--report-junit
Produces a JUnit XML report file of the analysis (machine-readable)
Example: --report-junit=~/report.xml
--report-console
Emits an analysis report on the console; a comma-separated list of options can be specified:
- color: enable colored output
- nocolor: disable colors and enhanced formatting (used on CI with bare-bones consoles)
- security: shows the security section
- stability: shows the stability section
- licensing: shows the licensing section
Default: color if supported, all sections included
Example: --report-console=nocolor,security,licensing
--report-threadfix
Produces a report file compatible with the ThreadFix format. See the specific section for further details.
--report-sbom
Produces an SBOM report; the format is chosen from the extension of the file name:
.json - a standard licensing bible report, JSON format
.pdf - a standard licensing bible report, PDF format
.csv - a standard SBOM Meterian report, CSV format
.cdx.xml - a standard CycloneDX SBOM report, XML format
.cdx.json - a standard CycloneDX SBOM report, JSON format
Example: --report-sbom=sbom.cdx.xml
It's also possible to request multiple reports, separating the file names with a comma.
Example: --report-sbom=sbom.cdx.xml,bible.pdf
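As an added illustration (not part of the Meterian client), the helper below resolves a --report-sbom value to the formats in the table above, matching the longest suffix first so that sbom.cdx.json is treated as CycloneDX JSON rather than as a licensing bible JSON file, and rejecting unknown extensions before the client is launched. Case-insensitive matching is an assumption of this helper, not documented client behaviour.

```python
"""Resolve a --report-sbom value into the report formats it selects.

Added illustration, not Meterian's own code: the suffix table mirrors the
documented mapping, but the client itself decides the real format.
"""
from typing import List, Tuple

# Longest suffix first, so ".cdx.json" wins over ".json" and ".cdx.xml" is
# recognised even though a bare ".xml" is not a documented SBOM extension.
SBOM_FORMATS: List[Tuple[str, str]] = [
    (".cdx.json", "CycloneDX SBOM (JSON)"),
    (".cdx.xml", "CycloneDX SBOM (XML)"),
    (".json", "licensing bible (JSON)"),
    (".pdf", "licensing bible (PDF)"),
    (".csv", "Meterian SBOM (CSV)"),
]


def sbom_format(filename: str) -> str:
    """Return the report format the documented extension table selects."""
    lower = filename.lower()  # case-insensitive matching is an assumption here
    for suffix, fmt in SBOM_FORMATS:
        if lower.endswith(suffix):
            return fmt
    raise ValueError(f"unsupported SBOM report extension: {filename!r}")


def resolve_report_sbom(value: str) -> List[Tuple[str, str]]:
    """Split a comma-separated --report-sbom value and resolve each file name.

    Empty entries (for example a trailing comma) are skipped; an unsupported
    extension raises up front, which is cheaper than discovering a missing
    artifact only when a CI job tries to upload it.
    """
    results: List[Tuple[str, str]] = []
    for name in value.split(","):
        name = name.strip()
        if not name:
            continue
        results.append((name, sbom_format(name)))
    if not results:
        raise ValueError("--report-sbom needs at least one file name")
    return results


if __name__ == "__main__":
    for name, fmt in resolve_report_sbom("sbom.cdx.xml,bible.pdf"):
        print(f"{name}: {fmt}")
```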
--report-gitlab
Produces a GitLab-compatible report for use with GitLab Ultimate
Example: --report-gitlab=gitlab.json
--report-sarif
Produces a SARIF report with the results from the analysis.
Example: --report-sarif=report.sarif