Exporting scan results
The Johnny console agent can export scan results in several formats. This lets you adapt reporting to different needs, including integration with vulnerability management systems.
Report on found vulnerabilities
Available formats
- coloredtable – colored table in the console. Default format;
- table – simple table;
- text – text report;
- junit – used in CI/CD (Jenkins, GitLab CI, GitHub Actions);
- sarif – exported to DefectDojo, CodeQL, Semgrep;
- csv – used in BI systems, Excel, Pandas, SQL;
- gl-dependency-scanning-report – report format for GitLab Dependency Scanning;
- gl-code-quality-report – report format for GitLab Code Quality;
- gl-secrets-report – report format for GitLab Secret Detection.
Usage example
If necessary, you can specify multiple formats, separating them with commas, for example:
./johnny scan file path/to/file \
--api_token <api_token> \
--api_url <api_url> \
--format "coloredtable, junit>>junit.xml"
In this example, the report is printed to the console in the coloredtable format and also saved to the junit.xml file in the junit format.
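A CI gate over the sarif export, as an added example (not part of the Johnny documentation or the agent's own code). It assumes the exported file follows the SARIF 2.1.0 schema; the sample log, the rule IDs and the `summarize`/`gate` helpers are constructed for illustration.

```python
import json

# Result levels defined by SARIF 2.1.0, ordered from least to most severe.
LEVELS = ["none", "note", "warning", "error"]

# Constructed sample, not real agent output: a minimal SARIF 2.1.0 log.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "RULE-A", "defaultConfiguration": {"level": "error"}},
            {"id": "RULE-B"},
        ]}},
        "results": [
            {"ruleId": "RULE-A", "message": {"text": "constructed finding 1"}},
            {"ruleId": "RULE-B", "message": {"text": "constructed finding 2"}},
            {"ruleId": "RULE-B", "level": "note", "message": {"text": "constructed finding 3"}},
        ],
    }],
})

def effective_level(result, rules):
    """Explicit result level, else the rule default, else SARIF's 'warning'."""
    if "level" in result:
        return result["level"]
    rule = rules.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def summarize(sarif_text):
    """Count results per level across every run in a SARIF log."""
    counts = {level: 0 for level in LEVELS}
    for run in json.loads(sarif_text).get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", []) if "id" in r}
        for result in run.get("results") or []:  # "results" may be null
            level = effective_level(result, rules)
            counts[level] = counts.get(level, 0) + 1
    return counts

def gate(sarif_text, fail_at="error"):
    """Return True (pass) when no result is at or above fail_at."""
    threshold = LEVELS.index(fail_at)
    counts = summarize(sarif_text)
    return not any(counts.get(level, 0) for level in LEVELS[threshold:])

if __name__ == "__main__":
    print(summarize(SAMPLE_SARIF), "pass" if gate(SAMPLE_SARIF) else "fail")
```

In a pipeline, read the file named after `sarif>>` in `--format` and exit non-zero when `gate` returns False.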
Report on triggered policy alerts
Available formats
- coloredtable – colored table in the console. Default format;
- table – simple table;
- text – text report;
- json – a structured format based on JavaScript Object Notation, suitable for data processing;
- csv – text format for table data.
Important: the data structure of the json format may change in upcoming versions of the binary agent.
Usage example
If necessary, you can specify multiple formats, separating them with commas, for example:
./johnny scan file path/to/file \
--api_token <api_token> \
--api_url <api_url> \
--alerts-format "coloredtable, json>>alerts.json"
In this example, the alerts are printed to the console in the coloredtable format and also saved to the alerts.json file in the json format.