Xygeni CLI Output Formats

By default, if no specific option is provided, xygeni scan dumps each command results in tabular format to the standard output.

Output Formats

xygeni scan allows to specify different output formats through -f |--format

-f, --format=<formats>     Output format: none, text, markdown, json, csv, sarif (default: [text])

The output formats available are:

• none, useful for the scanner to emit no output if there are no other output formats specified.

• text, (default) for text table format.

• markdown, similar to text but with the table rendered in Markdown format.

• csv, comma-separated values (CSV) format with commas as file separator and lines separated by CR + LF characters.

• json, JSON format. This format is used for uploading results to the platform servers.

• sarif, SARIF format for exchange with other tools. Useful for importing results into source code managers like GitHub.

Format configuration: Each scan configuration file conf/xygeni.SCAN.yml contains a report section for configuring each report with each scan results. For example, to choose a different set of columns for the CSV report, you may edit the columns field under -format: csv.

Note: the --report-columns option with specific scans may be given to select which columns to export for the csv and text formats.

Output/report file(s)

If you want to send the output to a file you can use -o|--output

  -o, --output=<output>      Output file template (filename will be prefixed by 'SCAN.').
                             Use 'stdout' or '-' for standard output, 'stderr' for standard error.

When -o|--output FILE option is not provided, the standard output will be used. Otherwise, the output will be done in the FILE specified, creating the intermediate directories when needed. You may use a dash (-) or stdout for standard output (the default), and stderr for the standard error.

The report file names produced follow this algorithm:

1. If there is a single format specified, FILE will be used unchanged if it is a FILE (not existing directory at that location).

2. If there is a single format specified and FILE is a directory, a file name with the project name, handled to translate characters not allowed in file name and whitespace to _ (underscore), and extension the name of the format (text, csv, json, sarif…​).

3. When multiple formats, and FILE is not a directory, FILE will have the extension removed if any of the format names are replaced for each format. So - when --format=csv,json,sarif --output=path/my_report.json the output paths should be (path/my_report.csv, path/my_report.json, path/my_report.sarif), as the extension .json matched one of the format names. - with --format=csv,json,sarif --output=path/my_report.v1 the output paths should be (path/my_report.v1.csv, path/my_report.v1.json, path/my_report.v1.sarif), as extension does not match any of the format names.

4. When multiple formats, and FILE is a directory, then the project name (escaped) will be used as filename, and format name will be used as extension for each of the output files created in the given directory. For example, with --output=a/directory --format=csv,sarif and the project name is 'acme/fish and chips', two files will be created as a/directory/acme_fish_and_chips.csv and a/directory/acme_fish_and_chips.sarif.

Examples:

The command:

xygeni scan -f csv -o reports/my_project

will generate one .csv file for each scan step under the reports directory, named SCAN.my_project.csv: codetamper.my_project.csv, compliance.my_project.csv, …​, secrets.my_project.cvs.

The command:

xygeni scan -f csv -f sarif -o reports/my_project

will generate one .csv file and one .sarif file for each scan step under the reports directory, named my_project.EXT: my_project.csv and my_project.sarif.

The command:

xygeni secrets -f csv -f sarif -o reports/my_project

will generate one .csv file and one .sarif file under the reports directory, named my_project.csv: codetamper.my_project.csv, compliance.my_project.csv, …​, secrets.my_project.cvs.