Merge reports from multiple tools into a single file
ReportMix
Merge reports from multiple tools into a single file.
:warning: This tool is only in alpha stage, not safe for production usage!
Install
Install ReportMix from PyPI:
pip install reportmix
Usage
Merge reports using the command-line interface:
reportmix
Arguments
Argument | Description | Default value |
---|---|---|
--help | Show the help message and exit | |
--verbose | Run verbosely (display DEBUG logging) | |
--output_dir OUTPUT_DIR | The location to write the report | ./ |
--config_file CONFIG_FILE | The path to the configuration file | .reportmix |
--formats FORMATS | Report formats to be generated (csv, json, html) | html |
--fields FIELDS | Fields to include in the output report (CSV and HTML only) | all |
--logo LOGO | The URL to the company logo to display on the HTML report | |
Run reportmix --help to show the full help message.
Plural properties (formats, fields, ...) support a single value or a comma-separated list of items (e.g. --formats "csv,html,json").
Tool-specific configuration arguments are documented in the help message and below.
Configuration
Configure the merging process using command-line arguments or create a configuration file .reportmix in the working directory:
[global]
output_dir=target
formats=html,csv,json
fields=tool_name,tool_version,name,description,type,severity,subject_name
logo=http://acme.com/img/logo.png
[dependency_check]
report_file=target/dependency-check-report.csv
[npm_audit]
report_file=web-app/npm-audit.json
[sonarqube]
host_url=http://sonarqube.acme.corp
project_key=acme:myproject
This configuration can also be passed as command-line arguments:
reportmix --output_dir target --formats "html,csv,json" \
dependency_check.report_file "target/dependency-check-report.csv" \
npm_audit.report_file "web-app/npm-audit.json" \
sonarqube.host_url "http://sonarqube.acme.corp" sonarqube.project_key "acme:myproject"
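The two configuration routes above can be reconciled as in the following added example, which is not ReportMix's own code: it parses the .reportmix text with configparser, applies name/value pairs from the command line on top, splits the plural properties, and lists URL settings that are not HTTPS. The function names load_settings and cleartext_urls are hypothetical, and the precedence of command-line values over the file is an assumption.

```python
import configparser

ALLOWED_FORMATS = {"csv", "json", "html"}  # values listed for --formats
PLURAL = {"formats", "fields"}             # accept comma-separated lists

# Constructed sample, modelled on the configuration file shown above.
SAMPLE = """\
[global]
output_dir=target
formats=html,csv,json
fields=tool_name,severity,subject_name
[npm_audit]
report_file=web-app/npm-audit.json
[sonarqube]
host_url=http://sonarqube.acme.corp
project_key=acme:myproject
"""

def load_settings(ini_text, cli_args=()):
    """Return {section: {key: value}}; CLI pairs override the file (assumed)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    settings = {s: dict(parser[s]) for s in parser.sections()}
    args = list(cli_args)
    if len(args) % 2:
        raise ValueError("arguments must be name/value pairs")
    for name, value in zip(args[::2], args[1::2]):
        # "sonarqube.host_url" -> section "sonarqube"; bare names go to [global]
        section, _, key = name.lstrip("-").rpartition(".")
        settings.setdefault(section or "global", {})[key] = value
    glob = settings.setdefault("global", {})
    for key in glob.keys() & PLURAL:
        glob[key] = [v.strip() for v in glob[key].split(",") if v.strip()]
    unknown = set(glob.get("formats", ["html"])) - ALLOWED_FORMATS
    if unknown:
        raise ValueError(f"unsupported formats: {sorted(unknown)}")
    return settings

def cleartext_urls(settings):
    """Names of *_url settings that are not HTTPS (credentials would be exposed)."""
    return sorted(f"{s}.{k}" for s, kv in settings.items() for k, v in kv.items()
                  if k.endswith("_url") and not str(v).lower().startswith("https://"))

if __name__ == "__main__":
    merged = load_settings(SAMPLE, ["--formats", "csv,json"])
    print(merged["global"]["formats"], cleartext_urls(merged))
```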
Supported reports
Reports produced by the following tools are currently supported:
- Dependency-Check: load a vulnerability report generated by OWASP dependency check (CSV format only), version 5.x is recommended
- npm audit: load a security audit generated by npm-audit CLI command (JSON format only), npm@6 is required
- SonarQube: load code quality analysis results from a SonarQube instance, version 7.x is required
Contributions to improve existing report loaders or add new ones are welcome!
Dependency-Check
- Run a Dependency-Check scan (cf. Maven plugin)
  - The CSV report must be generated (cf. format property in the plugin configuration)
- Move the dependency-check-report.csv file into the working directory or configure ReportMix (dependency_check.report_file) to look for the file somewhere else
- :heavy_check_mark: Run ReportMix
npm audit
- Run a security audit using the npm-audit CLI command
  - Get the detailed audit report in JSON format, e.g.:
    npm audit --json > npm-audit.json
- Move the npm-audit.json file into the working directory or configure ReportMix (npm_audit.report_file) to look for the file somewhere else
- :heavy_check_mark: Run ReportMix
SonarQube
- Run a SonarQube analysis (cf. Analyzing Source Code)
- Configure the instance URL (sonarqube.host_url), the project key (sonarqube.project_key), and authentication settings
- :heavy_check_mark: Run ReportMix
Development
Environment
Create the virtual environment, install dependencies from Pipfile and activate the Pipenv shell:
export PIPENV_VENV_IN_PROJECT=1 # optional
pipenv install
pipenv shell
Resources
- Basic Usage of Pipenv
- Tools for Writing Python CLI Applications
- argparse — Python 3 documentation
- configparser — Python 3 documentation
- csv — Python 3 documentation
- logging — Python 3 documentation
- A sample Python project
- Cowsay
- twine · PyPI
License
ReportMix is licensed under the GNU General Public License.
Hashes for reportmix-0.1.1-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | 8e9f56701490bd7b7c6ea9433093b02b72fb8573737a57fbcdbfedf64c9b13b8 |
MD5 | 59308dc4cc7fd4d2b8f0d6cdd26cc8e3 |
BLAKE2b-256 | d4267dcc0bb1503ba25ee8cd539c99ceef1d1d99fcb2ad702d2e4225e7cff7f9 |