Skip to content

Commit 69918a4

Browse files
authored
Merge pull request #136 from ShrijalDubey/update-readme-132
docs: document report formats and CSV header behavior
2 parents b62a7d7 + 7550c47 commit 69918a4

1 file changed

Lines changed: 13 additions & 0 deletions

File tree

README.md

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -156,6 +156,19 @@ With `--json` alone, no report files are written; combine it with `--format` to
156156
files and print JSON in the same run. All human-readable messages (info, warnings,
157157
errors) move to stderr in `--json` mode, so stdout only ever contains the JSON payload.
158158

159+
### Report Formats
160+
161+
When using the `--format` flag, you can export your security scan results into four different formats. Each format serves a specific use case:
162+
163+
* **json**: Full, machine-readable scan data containing core metrics and any AI-generated findings. For stdout piping options, see the [Machine-readable output](#machine-readable-output) section above.
164+
* **html**: An interactive, visually clean web report summarizing your findings.
165+
* **pdf**: A portable, presentation-ready document summing up the report.
166+
* **csv**: A spreadsheet-ready tabular format listing out individual vulnerabilities.
167+
168+
> ⚠️ **Note on CSV Behavior:** If DockSec detects **zero vulnerabilities**, it will still generate a CSV file, but it will be **header-only** (containing only the column names with no data rows). This is intentional behavior to prevent downstream automated tools or CI/CD pipelines from breaking on a completely empty file, and should not be treated as a bug.
169+
170+
For specialized cloud-native workflows, you can also cross-reference the [SARIF output](#sarif-output) section.
171+
159172
### SARIF output for GitHub Code Scanning
160173

161174
`--sarif` writes a SARIF 2.1.0 report alongside the other report formats. Upload it

0 commit comments

Comments
 (0)