Output Formats
You can view Code Security output in various formats.
CLI
For CLI-based output:
HTML
For output in the HTML format, suitable for infosec reviews, secops reviews, or your periodic security email:
.spectral/spectral.yaml
reporter:
  outputs:
    stylish: { html: "output.html" } # produce HTML reports
CSV
For the CSV output, the configuration is per repository: after you run spectral init, the configuration file .spectral/spectral.yaml is added to that repository.
Note - You can have one configuration file for multiple repositories and use the -c flag to point to the global config file's location.
For output in the CSV format:
.spectral/spectral.yaml
reporter:
  outputs:
    stylish: { csv: "output.csv" } # produce CSV reports
JSON
For output in the JSON format:
.spectral/spectral.yaml
reporter:
  outputs:
    stylish: { json: "output.json" } # produce JSON reports
Log
You can use the log format (with timestamps and logfmt fields) to parse or push to log indexing services, such as Elastic.
In addition, you can switch to JSON log.
Junit (junit-xml)
The Junit format is suitable for interop with CI/CD products that accept the junit-xml test result format.
Code Security generates a failing test that you can inspect in your CI dashboard like any other test.
The XML results are generated in junit-out. To use them, for example with CircleCI, point your CI to this folder:
version: 2
jobs:
  build:
    docker:
      - image: circleci/node:latest
    steps:
      - checkout
      - run: $HOME/.spectral/spectral run
      - store_test_results:
          path: ./junit-out/
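An added example, not from the Code Security documentation: a Python script that a CI step could run after the scan to list the failing test cases in the junit-out folder and fail the job when any exist. It assumes the reports follow the generic junit-xml layout (testcase elements with failure or error children); the function names and the sample report are constructed for illustration.

```python
import glob
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample in the generic junit-xml layout; the suite, test and
# message values are invented and are not real Code Security output.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<testsuites>
  <testsuite name="example-suite" tests="2" failures="1">
    <testcase classname="src/config.js" name="example-detector-id">
      <failure message="constructed finding message">line 12</failure>
    </testcase>
    <testcase classname="src/index.js" name="example-clean-check"/>
  </testsuite>
</testsuites>
"""


def failed_testcases(report_dir):
    """Return (file, classname, name, message) for each failed or errored testcase."""
    findings = []
    # Reports are written locally by the scanner; use a hardened XML parser
    # instead if the folder can contain files from an untrusted source.
    for path in sorted(glob.glob(os.path.join(report_dir, "*.xml"))):
        root = ET.parse(path).getroot()
        # iter() handles both a <testsuites> wrapper and a bare <testsuite> root.
        for case in root.iter("testcase"):
            for tag in ("failure", "error"):
                for node in case.findall(tag):
                    message = node.get("message") or (node.text or "").strip()
                    findings.append((os.path.basename(path),
                                     case.get("classname", ""),
                                     case.get("name", ""), message))
    return findings


def demo():
    """Write the constructed sample to a temporary folder and summarise it."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "sample.xml"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_XML)
        return failed_testcases(tmp)


if __name__ == "__main__":
    import sys
    results = failed_testcases(sys.argv[1] if len(sys.argv) > 1 else "./junit-out/")
    for fname, cls, name, msg in results:
        print(f"{fname}: {cls} :: {name} :: {msg}")
    sys.exit(1 if results else 0)  # non-zero exit fails the CI step
```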