Output Formats
Inkog supports three output formats optimized for different use cases.
Text Output (Default)
Human-readable format with ANSI colors and code frames, similar to Ruff and Semgrep.
```bash
inkog -output text .
```

Example output:

```
agent.py:23:5: CRITICAL [hardcoded_credentials]
Hardcoded API key detected
   │
22 │ client = OpenAI(
23 │     api_key="sk-proj-abc123..."
   │     ^^^^^^^^^^^^^^^^^^^^^^^^^^^
24 │ )
   │
CWE-798 | OWASP A02:2021

agent.py:45:1: HIGH [prompt_injection]
User input directly embedded in prompt template
   │
44 │ prompt = f"""
45 │ You are a helpful assistant. User says: {user_input}
   │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
46 │ """
   │
CWE-94 | OWASP LLM01
─────────────────────────────────────────────
Scan complete: 2 findings (1 critical, 1 high)
Security Gate: BLOCKED
```

Features:
- Color-coded by severity (Critical=red, High=yellow, Medium=blue, Low=green)
- Clickable file:line:column references
- Code snippets with visual highlighting
- CWE and OWASP metadata
- Summary with severity counts
JSON Output
Structured output for programmatic processing and CI/CD integration.
```bash
inkog -output json .
```

Example output:

```json
{
  "scan_id": "scan_abc123",
  "timestamp": "2024-01-15T10:30:00Z",
  "local_secrets": [
    {
      "id": "secret_1",
      "file": "config.py",
      "line": 23,
      "column": 5,
      "severity": "critical",
      "pattern": "hardcoded_credentials",
      "message": "Hardcoded API key detected",
      "confidence": 0.95,
      "cwe": "CWE-798",
      "owasp_category": "A02:2021"
    }
  ],
  "server_findings": [
    {
      "id": "finding_1",
      "file": "agent.py",
      "line": 45,
      "column": 1,
      "severity": "high",
      "pattern": "prompt_injection",
      "message": "User input directly embedded in prompt template",
      "confidence": 0.90,
      "cwe": "CWE-94",
      "owasp_llm": "LLM01"
    }
  ],
  "summary": {
    "total": 2,
    "critical": 1,
    "high": 1,
    "medium": 0,
    "low": 0
  },
  "security_gate": {
    "status": "BLOCKED",
    "reason": "1 critical and 1 high severity finding detected"
  },
  "compliance_report": {
    "eu_ai_act": {
      "article_15_violations": 1,
      "article_14_violations": 1
    },
    "owasp_llm_top_10": {
      "LLM01": 1,
      "LLM06": 1
    }
  }
}
```

Use in CI/CD:
```bash
# Parse with jq
inkog -output json . | jq '.summary.critical'

# Check security gate
if [ "$(inkog -output json . | jq -r '.security_gate.status')" = "BLOCKED" ]; then
  exit 1
fi
```

SARIF Output
Static Analysis Results Interchange Format - the standard for CI/CD security integrations.
```bash
inkog -output sarif . > results.sarif
```

Example output:

```json
{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "Inkog",
          "version": "1.0.0",
          "informationUri": "https://inkog.io",
          "rules": [
            {
              "id": "hardcoded_credentials",
              "name": "Hardcoded Credentials",
              "shortDescription": {
                "text": "Hardcoded API key or secret in source code"
              },
              "defaultConfiguration": {
                "level": "error"
              }
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "hardcoded_credentials",
          "level": "error",
          "message": {
            "text": "Hardcoded API key detected"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "agent.py"
                },
                "region": {
                  "startLine": 23,
                  "startColumn": 5
                }
              }
            }
          ]
        }
      ]
    }
  ]
}
```

GitHub Code Scanning integration:
```yaml
# .github/workflows/security.yml
- name: Run Inkog
  run: inkog -output sarif . > results.sarif
- name: Upload SARIF
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif
```

Features:
- GitHub Code Scanning compatible
- GitLab SAST report format
- Azure DevOps compatible
- CWE and OWASP rule metadata
HTML Output
Interactive report with filtering, suitable for sharing and review.
```bash
inkog -output html . > report.html
```

Features:
- Dark mode (Vercel-style) design
- Security grade badge (A-F)
- Severity filter pills
- Collapsible findings with code snippets
- Print-friendly CSS for PDF export
- Client-side JavaScript filtering
Security Grades:
| Grade | Points | Status |
|---|---|---|
| A | 0 | Excellent |
| B | 1-20 | Good |
| C | 21-50 | Moderate |
| D | 51-100 | Needs Work |
| F | 100+ | Critical |
Point calculation:
- Critical: 30 points
- High: 20 points
- Medium: 10 points
- Low: 5 points
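
Added example (not Inkog's own code): a Python gate that parses the JSON report once, applies the grade and point tables above, and raises when the report is empty, malformed or inconsistent with its own summary, a case in which the jq check shown under JSON Output never sees `BLOCKED` and so never reaches `exit 1`. Assumptions: points are summed per finding, exactly 100 points counts as a D, and `grade_report` and `SAMPLE` are names made up for this example.

```python
import json

POINTS = {"critical": 30, "high": 20, "medium": 10, "low": 5}  # page's point table
# Upper bound per grade from the page's table. Assumption: exactly 100 is a D.
GRADES = [(0, "A"), (20, "B"), (50, "C"), (100, "D")]

# Constructed sample, trimmed from the JSON example earlier on the page.
SAMPLE = """{
  "local_secrets": [{"id": "secret_1", "severity": "critical"}],
  "server_findings": [{"id": "finding_1", "severity": "high"}],
  "summary": {"total": 2, "critical": 1, "high": 1, "medium": 0, "low": 0},
  "security_gate": {"status": "BLOCKED"}
}"""


def grade_report(raw):
    """Score a JSON report; raise ValueError so the caller can fail closed."""
    try:
        report = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"report is not valid JSON: {exc}") from exc
    if not isinstance(report, dict) or not isinstance(report.get("summary"), dict):
        raise ValueError("report has no summary object")

    findings = (report.get("local_secrets") or []) + (report.get("server_findings") or [])
    counts = dict.fromkeys(POINTS, 0)
    for finding in findings:
        sev = str(finding.get("severity", "")).lower()
        if sev not in POINTS:
            raise ValueError(f"unknown severity {sev!r} in {finding.get('id')}")
        counts[sev] += 1

    # Cross-check the tool's own summary so a truncated findings list is caught.
    for sev, n in counts.items():
        if report["summary"].get(sev) != n:
            raise ValueError(f"summary.{sev} does not match the listed findings")

    points = sum(POINTS[sev] * n for sev, n in counts.items())
    grade = next((g for limit, g in GRADES if points <= limit), "F")
    blocked = (report.get("security_gate") or {}).get("status") == "BLOCKED"
    return {"points": points, "grade": grade, "blocked": blocked, "counts": counts}


if __name__ == "__main__":
    print(grade_report(SAMPLE))
    try:
        grade_report("")  # what a crashed scanner leaves on stdout
    except ValueError as err:
        print("gate fails closed:", err)
```

In a pipeline, treat a `ValueError` from `grade_report` the same as a blocked gate and exit non-zero.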
Quiet Mode
Spinners and colors are automatically disabled when:
- Output format is JSON (`-output json`)
- Running in CI environment (`CI` environment variable is set)
This keeps terminal output clean for automated environments.