Output Formats
Tool-Scan supports multiple output formats for different use cases.
Text (default)
Section titled “Text (default)”Human-readable output with scores, grades, and remarks:
tool-scan my_tool.jsonStructured output for automation and downstream processing:
tool-scan --json my_tool.json > report.json# ortool-scan --format json my_tool.json > report.jsonThe JSON output includes results (keyed by tool name), summary (counts and averages), and errors (file-level errors).
Output schema
Section titled “Output schema”Print the formal JSON Schema (2020-12) that defines the output structure:
tool-scan --output-schemaUse this to validate tool-scan output in CI or generate types for downstream code.
SARIF v2.1.0 output for integration with GitHub Code Scanning, Azure DevOps, and VS Code SARIF Viewer:
tool-scan --format sarif tools/*.json > results.sarifSARIF maps:
- Security threats to SARIF results with severity levels
- Compliance failures to SARIF results with fix suggestions
- Quality remarks to SARIF note-level results
- Rules are deduplicated across all scanned tools
Upload to GitHub Code Scanning:
- name: Scan run: tool-scan --format sarif tools/*.json > results.sarif
- name: Upload SARIF uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarifCompact JSON
Section titled “Compact JSON”Single-line JSON output, approximately 50% smaller than pretty-printed JSON:
tool-scan --json --compact-json tools/*.jsonWorks with both --json and --format json. Useful for log ingestion pipelines where compact output matters.
Streaming JSON
Section titled “Streaming JSON”Incremental JSON writing with periodic flush, reducing peak memory for large batches:
tool-scan --json --stream tools/*.jsonThe output is still valid, parseable JSON. Streaming mode writes results incrementally rather than buffering the entire output in memory.
Combine with compact mode for minimal memory and output size:
tool-scan --json --stream --compact-json tools/*.jsonConcurrent scanning
Section titled “Concurrent scanning”Process multiple files in parallel with --jobs:
tool-scan --jobs 4 --json tools/*.jsonOutput is deterministic regardless of the number of threads — the same input always produces the same output order. --jobs 1 (the default) matches sequential behavior exactly.