Skip to main content

Merge reports from multiple tools into a single file

Project description

ReportMix

PyPI License Python version Build Tests Pylint

Merge reports from multiple tools into a single file.

Install

Install ReportMix from PyPI:

pip install reportmix

Usage

Merge reports using the command-line interface:

reportmix

Arguments

Argument Description
-h, --help Show the help message and exit
-V, --version Show program's version number and exit
-v, --verbose Run verbosely (display DEBUG logging)
--output_dir OUTPUT_DIR The location to write the report
--config_file CONFIG_FILE The path to the configuration file
--formats FORMATS Report formats to be generated (csv, json, html)
--fields FIELDS Fields to include in the output report (CSV and HTML only)
--hash HASH Fields to use for hash generation
--title TITLE The HTML report title
--logo LOGO The URL to the organization logo to display on the HTML report
--meta.* User-defined metadata fields

Run reportmix --help to show the full help message.

Some properties (formats, fields, hash, ...) support a single value or a comma-separated list of items (e.g. --formats "csv,html,json").

Tool-specific configuration arguments are documented in the help message and below.

Configuration

Configure the merging process using command-line arguments or create a configuration file .reportmix in the working directory:

[global]
output_dir=target
formats=html,csv,json
fields=tool_name,tool_version,meta_organization,name,description,type,severity,subject_name
title=Analysis report
logo=http://acme.com/img/logo.png

[meta]
organization=Acme Corporation

[dependency_check]
report_file=target/dependency-check-report.csv

[npm_audit]
report_file=web-app/npm-audit.json

[sonarqube]
host_url=http://sonarqube.acme.corp
project_key=acme:myproject

This configuration can also be passed as command-line arguments:

reportmix --output_dir target --formats "html,csv,json" \
    --fields [...] --title "Analysis report" --logo "http://acme.com/img/logo.png" \
    --meta.organization "Acme Corporation" \
    --dependency_check.report_file "target/dependency-check-report.csv" \
    --npm_audit.report_file "web-app/npm-audit.json" \
    --sonarqube.host_url "http://sonarqube.acme.corp" --sonarqube.project_key "acme:myproject"

Metadata fields

Metadata fields allow to define some fields for each issue in the configuration:

Name Description Default value
product The product name
version The product version
organization The organization name
client The client name
audit_date The audit date now()

Hash

hash is a special field. It is not extracted from the reports data but computed using some of the issue fields to create a stable unique identifier. If multiple issues, in a single merged report or in different reports, generated at different times, have the same hash value, we can consider they are the same, so solving one of them will solve the others. It can be especially useful for computing a delta between multiple reports, tracking issues fixes, etc.

Supported reports

Reports produced by the following tools are currently supported:

  • Dependency-Check: load a vulnerability report generated by OWASP dependency check (CSV required, JSON optional), version 5.x is recommended
  • npm audit: load a security audit generated by npm-audit CLI command (JSON format only), npm@6 is required
  • SonarQube: load code quality analysis results from a SonarQube instance, version 7.x is required

Contributions to improve existing report loaders or add new ones are welcome!

Dependency-Check

  • Run a Dependency-Check scan (cf. Maven plugin)
    • The CSV report is required, the JSON report is optional (cf. format property in the plugin configuration)
  • Move dependency-check-report.* files in the working directory or configure ReportMix (dependency_check.report_file) to look for the file somewhere else
  • :heavy_check_mark: Run ReportMix

Dependency-Check loader

npm audit

  • Run a security audit using the npm-audit CLI command
    • Get the detailed audit report in JSON format, e.g.: npm audit --json > npm-audit.json
  • Move the npm-audit.json file in the working directory or configure ReportMix (npm_audit.report_file) to look for the file somewhere else
  • :heavy_check_mark: Run ReportMix

npm audit loader

SonarQube

  • Run a SonarQube analysis (cf. Analyzing Source Code)
  • Configure the instance URL (sonarqube.host_url), the project key (sonarqube.project_key), and authentication settings
  • :heavy_check_mark: Run ReportMix

SonarQube loader

License

ReportMix is licensed under the GNU General Public License.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for reportmix, version 0.4.1
Filename, size File type Python version Upload date Hashes
Filename, size reportmix-0.4.1-py3-none-any.whl (37.1 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size reportmix-0.4.1.tar.gz (32.3 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page