ReportMix
Merge reports from multiple tools into a single file.
:warning: This tool is only in alpha stage, not safe for production usage!
Install
Install ReportMix from PyPI:
pip install reportmix
Usage
Merge reports using the command-line interface:
reportmix
Arguments
Argument | Description | Default value |
---|---|---|
--help | Show the help message and exit | |
--verbose | Run verbosely (display DEBUG logging) | |
--output_dir OUTPUT_DIR | The location to write the report | ./ |
--config_file CONFIG_FILE | The path to the configuration file | .reportmix |
--formats FORMATS | Report formats to be generated (csv, json, html) | html |
--fields FIELDS | Fields to include in the output report (CSV and HTML only) | all |
--logo LOGO | The URL to the company logo to display on the HTML report | |
Run reportmix --help to show the full help message.
Plural properties (formats, fields, ...) support a single value or a comma-separated list of items (e.g. --formats "csv,html,json").
Tool-specific configuration arguments are documented in the help message and below.
Configuration
Configure the merging process using command-line arguments or create a configuration file .reportmix in the working directory:
[global]
output_dir=target
formats=html,csv,json
fields=tool_name,tool_version,name,description,type,severity,subject_name
logo=http://acme.com/img/logo.png
[dependency_check]
report_file=target/dependency-check-report.csv
[npm_audit]
report_file=web-app/npm-audit.json
[sonarqube]
host_url=http://sonarqube.acme.corp
project_key=acme:myproject
This configuration can also be passed as command-line arguments:
python reportmix.py --output_dir target --formats "html,csv,json" \
dependency_check.report_file "target/dependency-check-report.csv" \
npm_audit.report_file "web-app/npm-audit.json" \
sonarqube.host_url "http://sonarqube.acme.corp" sonarqube.project_key "acme:myproject"
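The following added example (not ReportMix's own code) parses the sample .reportmix file with configparser, splits the plural properties into lists, and reviews the result before a run. The names load_settings, review, PLURAL and KNOWN_FORMATS are hypothetical, and flagging plain-HTTP URLs is an assumed policy, relevant here because the SonarQube host receives authentication settings.

```python
import configparser
from urllib.parse import urlsplit

# Constructed input: the sample .reportmix shown in the Configuration section.
SAMPLE = """\
[global]
output_dir=target
formats=html,csv,json
fields=tool_name,tool_version,name,description,type,severity,subject_name
logo=http://acme.com/img/logo.png
[dependency_check]
report_file=target/dependency-check-report.csv
[npm_audit]
report_file=web-app/npm-audit.json
[sonarqube]
host_url=http://sonarqube.acme.corp
project_key=acme:myproject
"""

PLURAL = {"formats", "fields"}           # documented comma-separated properties
KNOWN_FORMATS = {"csv", "json", "html"}  # values listed in the Arguments table

def load_settings(text):
    """Return {section: {key: value}}, splitting plural properties into lists."""
    parser = configparser.ConfigParser(interpolation=None)  # keep '%' literal
    parser.read_string(text)
    settings = {}
    for section in parser.sections():
        settings[section] = {}
        for key, value in parser.items(section):
            if key in PLURAL:
                value = [item.strip() for item in value.split(",") if item.strip()]
            settings[section][key] = value
    return settings

def review(settings):
    """Return findings: unknown formats and URL settings that do not use HTTPS."""
    findings = []
    for fmt in settings.get("global", {}).get("formats", []):
        if fmt not in KNOWN_FORMATS:
            findings.append(f"global.formats: unknown format {fmt!r}")
    for section, values in settings.items():
        for key, value in values.items():
            # Assumed policy: any setting whose value is an http:// URL is reported.
            if isinstance(value, str) and urlsplit(value).scheme == "http":
                findings.append(f"{section}.{key}: plain HTTP URL {value}")
    return findings
```

On the sample configuration, review reports both global.logo and sonarqube.host_url as plain-HTTP URLs.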
Supported reports
Reports produced by the following tools are currently supported:
- Dependency-Check: load a vulnerability report generated by OWASP dependency check (CSV format only), version 5.x is recommended
- npm audit: load a security audit generated by npm-audit CLI command (JSON format only), npm@6 is required
- SonarQube: load code quality analysis results from a SonarQube instance, version 7.x is required
Contributions to improve existing report loaders or add new ones are welcome!
Dependency-Check
- Run a Dependency-Check scan (cf. Maven plugin)
  - The CSV report must be generated (cf. format property in the plugin configuration)
- Move the dependency-check-report.csv file in the working directory or configure ReportMix (dependency_check.report_file) to look for the file somewhere else
- :heavy_check_mark: Run ReportMix
npm audit
- Run a security audit using the npm-audit CLI command
  - Get the detailed audit report in JSON format, e.g.:
    npm audit --json > npm-audit.json
- Move the npm-audit.json file in the working directory or configure ReportMix (npm_audit.report_file) to look for the file somewhere else
- :heavy_check_mark: Run ReportMix
SonarQube
- Run a SonarQube analysis (cf. Analyzing Source Code)
- Configure the instance URL (sonarqube.host_url), the project key (sonarqube.project_key), and authentication settings
- :heavy_check_mark: Run ReportMix
Development
Environment
Create the virtual environment, install dependencies from Pipfile and activate the Pipenv shell:
export PIPENV_VENV_IN_PROJECT=1 # optional
pipenv install
pipenv shell
Resources
- Basic Usage of Pipenv
- Tools for Writing Python CLI Applications
- argparse — Python 3 documentation
- configparser — Python 3 documentation
- csv — Python 3 documentation
- logging — Python 3 documentation
- A sample Python project
- Cowsay
License
ReportMix is licensed under the GNU General Public License.