Adversa SDK Tools supports an ever-growing variety of ways in which vulnerabilities are reported. Vulnerabilities can be reported in terminal output, flat text files, JavaScript Object Notation (JSON) files and Hypertext Markup Language (HTML) files. The default behavior is reporting through terminal output only. Text, JSON and HTML files are automatically generated when running an assessment against a supported build tool, such as Maven for Java.

Flat Text File

You can instruct Adversa SDK Tools to report identified vulnerabilities via a flat text file using the --report switch. The following example saves all discovered vulnerabilities into a flat text file called vulns.txt.

$ adversa assess --sdk jvm --report vulns.txt -- mvn verify

JavaScript Object Notation (JSON) File

You can instruct Adversa SDK Tools to report identified vulnerabilities via a JSON file using the --report switch. The following example saves all discovered vulnerabilities into a JSON file called vulns.json.

$ adversa assess --sdk jvm --report vulns.json -- mvn verify

Hypertext Markup Language (HTML) File

You can instruct Adversa SDK Tools to report identified vulnerabilities via a HTML file using the --report switch. The following example saves all discovered vulnerabilities into a HTML file called vulns.html.

$ adversa assess --sdk jvm --report vulns.html -- mvn verify

Multiple Report Formats

You can instruct Adversa SDK Tools to generate multiple report formats through the use of a comma (,) delimiter in the --report switch. The following example generates a JSON file and a HTML file of all identified vulnerabilities. Note that the optional --app switch is used to provide an application name of myapp to be rendered within the report.

$ adversa assess --app myapp --sdk jvm --report vulns.json,vulns.html -- mvn verify