sonatype-nexus-community / auditjs

Audits an NPM package.json file to identify known vulnerabilities.
https://www.npmjs.com/package/auditjs
Apache License 2.0

[FEATURE] Allow saving the Nexus IQ report JSON to file #264

Open instinet-lewis-boon opened 1 year ago

instinet-lewis-boon commented 1 year ago

The scan-gradle-plugin allows us to save the Nexus IQ scan results to a file with the property resultFilePath.

It would be great if this plugin could also dump the results to a file.

Once we have the file we can programmatically reference the results. For example, we can get the report URL and store it with other evidence. Ultimately, we would like to get the CycloneDX SBOM and store it with our artifacts.

This code in the scan-gradle-plugin passes in the jsonResultsFile. It looks like the nexus-platform-api has built in support for saving the report to a file.

cc @bhamail / @DarthHater / @allenhsieh / @ken-duck

duraki commented 1 year ago

What's wrong with alternative output formats?

instinet-lewis-boon commented 1 year ago

The --json and --xml flags are only available on the ossi subcommand. We only use the iq subcommand. Ideally, the output would be consistent across auditjs, scan-gradle-plugin, nancy, etc.