Skip to Content
CLIOutput Formats

Output Formats

Inkog supports three output formats optimized for different use cases.

Text Output (Default)

Human-readable format with ANSI colors and code frames, similar to Ruff and Semgrep.

inkog -output text .

Example output:

agent.py:23:5: CRITICAL [hardcoded_credentials]
  Hardcoded API key detected

 22 │   client = OpenAI(
 23 │       api_key="sk-proj-abc123..."
    │       ^^^^^^^^^^^^^^^^^^^^^^^^^^^
 24 │   )

  CWE-798 | OWASP A02:2021

agent.py:45:1: HIGH [prompt_injection]
  User input directly embedded in prompt template

 44 │   prompt = f"""
 45 │   You are a helpful assistant. User says: {user_input}
    │   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 46 │   """

  CWE-94 | OWASP LLM01

─────────────────────────────────────────────
Scan complete: 2 findings (1 critical, 1 high)
Security Gate: BLOCKED

Features:

  • Color-coded by severity (Critical=red, High=yellow, Medium=blue, Low=green)
  • Clickable file:line:column references
  • Code snippets with visual highlighting
  • CWE and OWASP metadata
  • Summary with severity counts

JSON Output

Structured output for programmatic processing and CI/CD integration.

inkog -output json .

Example output:

{
  "scan_id": "scan_abc123",
  "timestamp": "2024-01-15T10:30:00Z",
  "local_secrets": [
    {
      "id": "secret_1",
      "file": "config.py",
      "line": 23,
      "column": 5,
      "severity": "critical",
      "pattern": "hardcoded_credentials",
      "message": "Hardcoded API key detected",
      "confidence": 0.95,
      "cwe": "CWE-798",
      "owasp_category": "A02:2021"
    }
  ],
  "server_findings": [
    {
      "id": "finding_1",
      "file": "agent.py",
      "line": 45,
      "column": 1,
      "severity": "high",
      "pattern": "prompt_injection",
      "message": "User input directly embedded in prompt template",
      "confidence": 0.90,
      "cwe": "CWE-94",
      "owasp_llm": "LLM01"
    }
  ],
  "summary": {
    "total": 2,
    "critical": 1,
    "high": 1,
    "medium": 0,
    "low": 0
  },
  "security_gate": {
    "status": "BLOCKED",
    "reason": "1 critical and 1 high severity finding detected"
  },
  "compliance_report": {
    "eu_ai_act": {
      "article_15_violations": 1,
      "article_14_violations": 1
    },
    "owasp_llm_top_10": {
      "LLM01": 1,
      "LLM06": 1
    }
  }
}

Use in CI/CD:

# Parse with jq
inkog -output json . | jq '.summary.critical'
 
# Check security gate
if [ "$(inkog -output json . | jq -r '.security_gate.status')" = "BLOCKED" ]; then
  exit 1
fi

HTML Output

Interactive report with filtering, suitable for sharing and review.

inkog -output html . > report.html

Features:

  • Dark mode (Vercel-style) design
  • Security grade badge (A-F)
  • Severity filter pills
  • Collapsible findings with code snippets
  • Print-friendly CSS for PDF export
  • Client-side JavaScript filtering

Security Grades:

GradePointsStatus
A0Excellent
B1-20Good
C21-50Moderate
D51-100Needs Work
F100+Critical

Point calculation:

  • Critical: 30 points
  • High: 20 points
  • Medium: 10 points
  • Low: 5 points

Quiet Mode

Spinners and colors are automatically disabled when:

  • Output format is JSON (-output json)
  • Running in CI environment (CI environment variable is set)

This keeps terminal output clean for automated environments.

Last updated on
CommandsEnvironment Variables