Metadata-Version: 2.1
Name: reportmix
Version: 0.2.0
Summary: Merge reports from multiple tools into a single file
Home-page: https://github.com/GaelGirodon/reportmix
Author: Gael Girodon
Author-email: contact@gaelgirodon.fr
License: UNKNOWN
Project-URL: Bug Reports, https://github.com/GaelGirodon/reportmix/issues
Project-URL: Source, https://github.com/GaelGirodon/reportmix
Description: # ReportMix
        
        [![PyPI](https://img.shields.io/pypi/v/reportmix?style=flat-square)](https://pypi.org/project/reportmix/)
        [![License](https://img.shields.io/github/license/GaelGirodon/reportmix?color=informational&style=flat-square)](https://github.com/GaelGirodon/reportmix/blob/master/LICENSE)
        [![Python version](https://img.shields.io/pypi/pyversions/reportmix?style=flat-square)](https://pypi.org/project/reportmix/)
        [![Build](https://img.shields.io/azure-devops/build/gaelgirodon/reportmix/10?style=flat-square)](https://dev.azure.com/gaelgirodon/reportmix)
        [![Tests](https://img.shields.io/azure-devops/tests/gaelgirodon/reportmix/10?style=flat-square)](https://dev.azure.com/gaelgirodon/reportmix)
        [![Pylint](https://img.shields.io/badge/pylint-9.33-success?style=flat-square)](tasks.yml#L28)
        
        Merge reports from [multiple tools](#supported-reports) into a single file.
        
        ## Install
        
        Install **ReportMix** from [PyPI](https://pypi.org/project/reportmix/):
        
        ```shell
        pip install reportmix
        ```
        
        ## Usage
        
        Merge reports using the command-line interface:
        
        ```shell
        reportmix
        ```
        
        ### Arguments
        
        | Argument                    | Description                                                | Default value |
        | --------------------------- | ---------------------------------------------------------- | ------------- |
        | `-h`, `--help`              | Show the help message and exit                             |               |
        | `-V`, `--version`           | Show program's version number and exit                     |               |
        | `-v`, `--verbose`           | Run verbosely (display `DEBUG` logging)                    |               |
        | `--output_dir OUTPUT_DIR`   | The location to write the report                           | `./`          |
        | `--config_file CONFIG_FILE` | The path to the configuration file                         | `.reportmix`  |
        | `--formats FORMATS`         | Report formats to be generated (`csv`, `json`, `html`)     | `html`        |
        | `--fields FIELDS`           | Fields to include in the output report (CSV and HTML only) | _all_         |
        | `--logo LOGO`               | The URL to the company logo to display on the HTML report  |               |
        | `--meta.*`                  | User-defined metadata fields                               | _empty_       |
        
        Run `reportmix --help` to show the full help message.
        
        Plural properties (`formats`, `fields`, ...) support a single value
        or a comma-separated list of items (e.g. `--formats "csv,html,json"`).
        
        Tool-specific configuration arguments are documented in the help message
        and [below](#supported-reports).
        
        ## Configuration
        
        Configure the merging process using **command-line arguments**
        or create a **configuration file** `.reportmix` in the working directory:
        
        ```ini
        [global]
        output_dir=target
        formats=html,csv,json
        fields=tool_name,tool_version,name,description,type,severity,subject_name
        logo=http://acme.com/img/logo.png
        
        [meta]
        company=Acme Corporation
        
        [dependency_check]
        report_file=target/dependency-check-report.csv
        
        [npm_audit]
        report_file=web-app/npm-audit.json
        
        [sonarqube]
        host_url=http://sonarqube.acme.corp
        project_key=acme:myproject
        ```
        
        This configuration can also be passed as **command-line arguments**:
        
        ```shell
        reportmix --output_dir target --formats "html,csv,json" \
            --meta.company "Acme Corporation" \
            --dependency_check.report_file "target/dependency-check-report.csv" \
            --npm_audit.report_file "web-app/npm-audit.json" \
            --sonarqube.host_url "http://sonarqube.acme.corp" --sonarqube.project_key "acme:myproject"
        ```
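        
        The correspondence between the configuration file and the command line, as an added example that is not part of ReportMix: it prints the arguments equivalent to a `.reportmix` file and rejects a `formats` value outside `csv`, `json`, `html`. The function names `valid_formats` and `reportmix_args` are hypothetical, and the mapping rule (`[global]` keys become `--key`, other sections become `--section.key`) is an assumption inferred from the two examples above.
        
        ```shell
        # Added example, not ReportMix code. Assumed mapping (inferred from the two
        # examples above): [global] keys become --key, other sections --section.key.
        # Lines are expected as key=value, without spaces around "=".
        
        # Succeed only if every comma-separated item is csv, json or html.
        valid_formats() {
            old_ifs=$IFS; IFS=,
            for item in $1; do
                case "$item" in
                    csv|json|html) ;;
                    *) IFS=$old_ifs; return 1 ;;
                esac
            done
            IFS=$old_ifs
        }
        
        # Read a .reportmix file on stdin and print the equivalent arguments, one per
        # line so that values containing spaces stay intact.
        reportmix_args() {
            section=""
            while IFS= read -r line || [ -n "$line" ]; do
                # Trim surrounding whitespace (including a trailing carriage return).
                line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
                case "$line" in
                    ''|'#'*|';'*) continue ;;   # blank line or comment
                    '['*']') section=${line#\[}; section=${section%\]} ;;
                    *=*)
                        key=${line%%=*}; value=${line#*=}
                        if [ "$key" = formats ] && ! valid_formats "$value"; then
                            echo "unsupported report format in: $value" >&2
                            return 1
                        fi
                        if [ "$section" = global ]; then
                            printf '%s\n%s\n' "--${key}" "$value"
                        else
                            printf '%s\n%s\n' "--${section}.${key}" "$value"
                        fi ;;
                esac
            done
        }
        
        # Constructed sample input, modelled on the configuration file above.
        printf '[global]\nformats=html,csv\n[meta]\ncompany=Acme Corporation\n' |
            reportmix_args
        ```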
        
        **Metadata fields** allow defining some fields for each issue in the configuration:
        
        | Name       | Description         |
        | ---------- | ------------------- |
        | `product`  | The product name    |
        | `version`  | The product version |
        | `company`  | The company name    |
        | `customer` | The customer name   |
        
        ## Supported reports
        
        Reports produced by the following tools are currently supported:
        
        - [**Dependency-Check**](#dependency-check):
          load a vulnerability report generated by OWASP Dependency-Check
          (CSV format only), version 5.x is recommended
        - [**npm audit**](#npm-audit):
          load a security audit generated by the npm-audit CLI command
          (JSON format only), npm@6 is required
        - [**SonarQube**](#sonarqube):
          load code quality analysis results from a SonarQube instance,
          version 7.x is required
        
        > Contributions to improve existing [report loaders](reportmix/loaders)
        > or add new ones are welcome!
        
        ### Dependency-Check
        
        - **Run** a Dependency-Check scan (cf. [Maven plugin](https://jeremylong.github.io/DependencyCheck/dependency-check-maven/))
          - The `CSV` report must be generated (cf. `format` property in the plugin configuration)
        - **Move** the `dependency-check-report.csv` file into the working directory
          or **configure** ReportMix (`dependency_check.report_file`) to look for the file somewhere else
        - :heavy_check_mark: **Run ReportMix**
        
        > → [Dependency-Check loader](reportmix/loaders/dependency_check.py)
        
        ### npm audit
        
        - **Run** a security audit using the [npm-audit](https://docs.npmjs.com/cli/audit) CLI command
          - Get the detailed audit report in JSON format, e.g.: `npm audit --json > npm-audit.json`
        - **Move** the `npm-audit.json` file into the working directory
          or **configure** ReportMix (`npm_audit.report_file`) to look for the file somewhere else
        - :heavy_check_mark: **Run ReportMix**
        
        > → [npm audit loader](reportmix/loaders/npm_audit.py)
        
        ### SonarQube
        
        - **Run** a SonarQube analysis (cf. [Analyzing Source Code](https://docs.sonarqube.org/latest/analysis/overview/))
        - **Configure** the instance URL (`sonarqube.host_url`), the project key (`sonarqube.project_key`),
          and [authentication](https://docs.sonarqube.org/latest/extend/web-api/) settings
        - :heavy_check_mark: **Run ReportMix**
        
        > → [SonarQube loader](reportmix/loaders/sonarqube.py)
        
        ## License
        
        **ReportMix** is licensed under the GNU General Public License.
        
Keywords: report mix merge security dependency-check npm audit sonarqube owasp
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Topic :: Software Development :: Quality Assurance
Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.7
Requires-Python: >=3.7
Description-Content-Type: text/markdown
