ReportMix
Merge reports from multiple tools into a single file.
Install
Install ReportMix from PyPI:
pip install reportmix
Usage
Merge reports using the command-line interface:
reportmix
Arguments
Argument | Description | Default value |
---|---|---|
-h, --help | Show the help message and exit | |
-V, --version | Show program's version number and exit | |
-v, --verbose | Run verbosely (display DEBUG logging) | |
--output_dir OUTPUT_DIR | The location to write the report | ./ |
--config_file CONFIG_FILE | The path to the configuration file | .reportmix |
--formats FORMATS | Report formats to be generated (csv, json, html) | html |
--fields FIELDS | Fields to include in the output report (CSV and HTML only) | all |
--logo LOGO | The URL to the organization logo to display on the HTML report | |
--meta.* | User-defined metadata fields | |
Run reportmix --help to show the full help message.
Plural properties (formats, fields, ...) support a single value or a comma-separated list of items (e.g. --formats "csv,html,json").
Tool-specific configuration arguments are documented in the help message and below.
Configuration
Configure the merging process using command-line arguments or create a configuration file .reportmix in the working directory:
[global]
output_dir=target
formats=html,csv,json
fields=tool_name,tool_version,meta_organization,name,description,type,severity,subject_name
logo=http://acme.com/img/logo.png
[meta]
organization=Acme Corporation
[dependency_check]
report_file=target/dependency-check-report.csv
[npm_audit]
report_file=web-app/npm-audit.json
[sonarqube]
host_url=http://sonarqube.acme.corp
project_key=acme:myproject
This configuration can also be passed as command-line arguments:
reportmix --output_dir target --formats "html,csv,json" \
--meta.organization "Acme Corporation" \
--dependency_check.report_file "target/dependency-check-report.csv" \
--npm_audit.report_file "web-app/npm-audit.json" \
--sonarqube.host_url "http://sonarqube.acme.corp" --sonarqube.project_key "acme:myproject"
Metadata fields let you define, in the configuration, fields that are attached to each issue:
Name | Description | Default value |
---|---|---|
product | The product name | |
version | The product version | |
organization | The organization name | |
client | The client name | |
audit_date | The audit date | now() |
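The mapping between the .reportmix file and the command-line form shown above, as an added example that is not part of ReportMix: `[global]` keys become `--key` and every other section becomes `--section.key`, as in the page's own sample. The function names, the `lint` checks (unsupported formats, plain `http://` URLs) and the sample with its `pdf` value are assumptions made for this example.

```python
import configparser
import shlex
from urllib.parse import urlparse

ALLOWED_FORMATS = {"csv", "json", "html"}  # formats listed in the arguments table

def load_config(text):
    """Parse .reportmix content (INI syntax, as in the sample above)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser

def to_cli_args(parser):
    """[global] keys become --key; other sections become --section.key."""
    args = []
    for section in parser.sections():
        for key, value in parser[section].items():
            flag = f"--{key}" if section == "global" else f"--{section}.{key}"
            args += [flag, value]
    return args

def lint(parser):
    """Return warnings for settings worth reviewing before a run (added checks)."""
    warnings = []
    for fmt in parser.get("global", "formats", fallback="html").split(","):
        if fmt.strip() not in ALLOWED_FORMATS:
            warnings.append(f"global.formats: unsupported format {fmt.strip()!r}")
    for section in parser.sections():
        for key, value in parser[section].items():
            if urlparse(value).scheme == "http":  # fetched or contacted in cleartext
                warnings.append(f"{section}.{key}: cleartext URL {value}")
    return warnings

# Constructed sample, shortened from the configuration above; "pdf" is a deliberate error
SAMPLE = """\
[global]
output_dir=target
formats=html,csv,pdf
logo=http://acme.com/img/logo.png
[meta]
organization=Acme Corporation
[sonarqube]
host_url=http://sonarqube.acme.corp
project_key=acme:myproject
"""

if __name__ == "__main__":
    cfg = load_config(SAMPLE)
    print(shlex.join(["reportmix"] + to_cli_args(cfg)), *lint(cfg), sep="\n")
```
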
Supported reports
Reports produced by the following tools are currently supported:
- Dependency-Check: load a vulnerability report generated by OWASP dependency check (CSV format only), version 5.x is recommended
- npm audit: load a security audit generated by npm-audit CLI command (JSON format only), npm@6 is required
- SonarQube: load code quality analysis results from a SonarQube instance, version 7.x is required
Contributions to improve existing report loaders or add new ones are welcome!
Dependency-Check
- Run a Dependency-Check scan (cf. Maven plugin)
  - The CSV report must be generated (cf. format property in the plugin configuration)
- Move the dependency-check-report.csv file to the working directory or configure ReportMix (dependency_check.report_file) to look for the file somewhere else
- :heavy_check_mark: Run ReportMix
npm audit
- Run a security audit using the npm-audit CLI command
  - Get the detailed audit report in JSON format, e.g.:
    npm audit --json > npm-audit.json
- Move the npm-audit.json file to the working directory or configure ReportMix (npm_audit.report_file) to look for the file somewhere else
- :heavy_check_mark: Run ReportMix
SonarQube
- Run a SonarQube analysis (cf. Analyzing Source Code)
- Configure the instance URL (sonarqube.host_url), the project key (sonarqube.project_key), and authentication settings
- :heavy_check_mark: Run ReportMix
License
ReportMix is licensed under the GNU General Public License.
Hashes for reportmix-0.3.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9fe79e2d6b892a92fb8d2eeb95c3b2ce1f0fd5b0afcd6c0b20d68cef396b728e | |
MD5 | ab713887efde3f60435f13fc6839dccb | |
BLAKE2b-256 | de5619c5c17e116f1bbc021e8b64379a805494c45afeaec6612e0c0182e548be | |