Xygeni User Guides
  • Welcome to Xygeni
  • Getting Started
    • Create a Free Trial Account
    • Quick start with your code repository
    • Quick start with Xygeni CLI
    • Quick start with a preloaded project
    • Log in to Xygeni
    • Subscribe to Xygeni
  • Introduction to Xygeni
    • Key Concepts
      • Projects in Xygeni
      • Project Baseline
      • Detected Issues
      • Remediation Actions
      • Policies
      • Risk Level
      • SDLC Inventory
      • Standards Compliance
      • GuardRails
    • Xygeni Products
    • How Xygeni works
    • Xygeni Web UI Overview
      • Projects Screen
        • Risk Level
    • Integrating Xygeni into your Workflow
    • Prioritization Funnels
      • Custom Funnels
      • Prioritization Criteria (Stages)
        • Reachability
        • Exploitability
        • Fixable
    • Guardrails
    • Generate a SBOM
    • Reports
      • Trends
      • Scan History
    • Supported Integrations
    • Customizations
  • Xygeni Products
    • Application Security Posture Management (ASPM)
      • ASPM User Interface Guide
      • All Risks
        • Statistics
        • Issues Evolution
        • Issue Comparison Between Different Scans
      • Governance
      • Inventory
        • All Assets
        • Repositories
        • Components
        • CI/CD Assets
        • Delivery Assets
        • Systems & Tools
        • Collaborators
      • Health Check
      • Inventory Scanner
        • Inventory Scanner Configuration
        • Inventory Collaborators Scan
      • Importing reports from 3rd party tools
        • External Scanners Supported
          • Report upload for Kiuwan
            • ExportRule (.java)
    • Code Security (SAST)
      • Code Security (SAST) User Interface Guide
        • Risks (SAST)
        • Malicious Code
      • Malware Scanner
        • Malware Scanner Configuration
        • Malware Detectors
      • SAST Scanner
        • SAST Scanner Configuration
    • Open Source (SCA)
      • Open Source (SCA) User Interface Guide
      • Open Source Components
      • Supported Package Managers for dependency resolution
      • Risks (SCA)
      • OSS Prioritization Funnels
      • OSS Auto-Remediation
      • Malware Early Warning (MEW)
        • How Malware Early Warning works
        • Common types of Malware found in open source packages
      • Dependency Scanner
        • Dependency scanner configuration
        • Dependency Analyzers
      • Suspect Dependencies Scanner
        • Suspect Deps Scanner Configuration
        • Suspect Deps Detectors
    • CI/CD Security
      • CI/CD Security User Interface Guide
      • CI/CD Details
      • Build Attestations
      • CI/CD Scanner
        • CI/CD Misconfigurations Scanner Configuration
      • Compliance Scanner
        • Supported compliance standards
    • Secrets Security
      • Secrets User Interface Guide
      • Secrets Scanner
        • Secrets scanner configuration
      • Secret Leaks Handling
        • Secret Leaks Handling
        • How to Prevent Hard-Coded Secrets
        • Secret Leaks Handling CheatSheet
      • Secrets Auto-Remediation
    • IaC Security
      • IaC User Interface Guide
      • IaC Scanner
        • IaC Scanner Configuration
    • Malware
    • Build Security
      • Build Security Concepts
      • Build Attestations
      • Attestation format
      • How SALT works
      • Installing Salt CLI
      • Salt Command-Line Reference
      • SALT Architecture
      • SALT How To…​
    • Anomalous Activity Detection
      • Anomalous Activity Detection User Interface Guide
      • Xygeni Sensors
        • Xygeni Sensor for Azure
        • Xygeni Sensor for BitBucket
        • Xygeni Sensor for GitHub
          • GitHub Audit Log Processing
        • Xygeni Sensor for GitLab
        • Xygeni Sensor for Jenkins
        • Anomaly Detection's Detectors
      • Code Tampering Scanner
        • Code Tampering Scanner Configuration
    • Compliance & Malware Insights
      • SSCS Compliance
      • Malicious Packages DB
  • Scan Management
    • Manage Scans
    • Scan History
  • Xygeni Scanner CLI
    • Xygeni Scanners
    • Xygeni CLI Overview
      • Xygeni CLI Prerequisites
      • Xygeni CLI Installation
      • Xygeni CLI Docker Image
      • Xygeni CLI Authentication
        • CLI Authentication with Xygeni
      • SCM, CI/ CD and Container Registry tokens
      • Xygeni CLI Operation Modes
        • Single scan
          • Scanning a docker image
        • Multi Scan
        • Organization scan
      • Xygeni CLI Configuration options
      • Xygeni CLI Output Formats
      • Exporting Xygeni results to 3rd party tools
      • Automatic Remediation
      • Generate SBOM with the Xygeni CLI
      • CLI utils
        • Credentials Encryption
        • Central Configuration
      • Xygeni Guardrails
        • CI/CD Audit Analysis
      • Xygeni CLI Error Codes
      • Xygeni Scanner Reference
  • Xygeni Administration
    • Platform Administration
      • Profile
      • Subscription
      • Users Management
      • Projects Management
      • Groups Management
      • Policies
      • Integrations
        • Xygeni Single Sign-On (SSO) Authentication
          • SSO - OKTA
          • SSO - Microsoft Entra ID
        • Integrate Scanner CLI into CI/CD Systems
          • Azure Pipelines Integration
          • BitBucket Integration
          • CircleCI Integration
          • GitHub Actions Integration
          • GitLab Runner Integration
          • Jenkins Integration
          • Travis CI Integration
        • Git Hooks with Xygeni
        • Collaboration & communication Tools
        • Ticketing Systems
        • Remediation systems
      • Notifications
    • Rest API
  • Support
  • Changelog
    • Version 5.11 - April 11, 2025
    • Version 5.9 – March 26, 2025
Powered by GitBook
On this page
  • Output Formats
  • Output/report file(s)
Export as PDF
  1. Xygeni Scanner CLI
  2. Xygeni CLI Overview

Xygeni CLI Output Formats

By default, if no specific option is provided, xygeni scan dumps each command results in tabular format to the standard output.

Output Formats

xygeni scan allows to specify different output formats through -f |--format

-f, --format=<formats>     Output format: none, text, markdown, json, csv, sarif (default: [text])

The output formats available are:

  • none, useful for the scanner to emit no output if there are no other output formats specified.

  • text, (default) for text table format.

  • markdown, similar to text but with the table rendered in Markdown format.

  • csv, comma-separated values (CSV) format with commas as file separator and lines separated by CR + LF characters.

  • json, JSON format. This format is used for uploading results to the platform servers.

  • sarif, SARIF format for exchange with other tools. Useful for importing results into source code managers like GitHub.

Multiple output formats could be specified with -f or --format.

Format configuration: Each scan configuration file conf/xygeni.SCAN.yml contains a report section for configuring each report with each scan results. For example, to choose a different set of columns for the CSV report, you may edit the columns field under -format: csv.

Note: the --report-columns option with specific scans may be given to select which columns to export for the csv and text formats.

Output/report file(s)

If you want to send the output to a file you can use -o|--output

  -o, --output=<output>      Output file template (filename will be prefixed by 'SCAN.').
                             Use 'stdout' or '-' for standard output, 'stderr' for standard error.

When -o|--output FILE option is not provided, the standard output will be used. Otherwise, the output will be done in the FILE specified, creating the intermediate directories when needed. You may use a dash (-) or stdout for standard output (the default), and stderr for the standard error.

When there are multiple scans, FILE will be prefixed with the scan name plus a dot: SCAN.FILE.

The report file names produced follow this algorithm:

  1. If there is a single format specified, FILE will be used unchanged if it is a FILE (not existing directory at that location).

  2. If there is a single format specified and FILE is a directory, a file name with the project name, handled to translate characters not allowed in file name and whitespace to _ (underscore), and extension the name of the format (text, csv, json, sarif…​).

  3. When multiple formats, and FILE is not a directory, FILE will have the extension removed if any of the format names are replaced for each format. So - when --format=csv,json,sarif --output=path/my_report.json the output paths should be (path/my_report.csv, path/my_report.json, path/my_report.sarif), as the extension .json matched one of the format names. - with --format=csv,json,sarif --output=path/my_report.v1 the output paths should be (path/my_report.v1.csv, path/my_report.v1.json, path/my_report.v1.sarif), as extension does not match any of the format names.

  4. When multiple formats, and FILE is a directory, then the project name (escaped) will be used as filename, and format name will be used as extension for each of the output files created in the given directory. For example, with --output=a/directory --format=csv,sarif and the project name is 'acme/fish and chips', two files will be created as a/directory/acme_fish_and_chips.csv and a/directory/acme_fish_and_chips.sarif.

Examples:

The command:

xygeni scan -f csv -o reports/my_project

will generate one .csv file for each scan step under the reports directory, named SCAN.my_project.csv: codetamper.my_project.csv, compliance.my_project.csv, …​, secrets.my_project.cvs.

The command:

xygeni scan -f csv -f sarif -o reports/my_project

will generate one .csv file and one .sarif file for each scan step under the reports directory, named my_project.EXT: my_project.csv and my_project.sarif.

The command:

xygeni secrets -f csv -f sarif -o reports/my_project

will generate one .csv file and one .sarif file under the reports directory, named my_project.csv: codetamper.my_project.csv, compliance.my_project.csv, …​, secrets.my_project.cvs.

PreviousXygeni CLI Configuration optionsNextExporting Xygeni results to 3rd party tools

Last updated 28 days ago