CLI Output Formats
Last updated: January 14, 2026
The BlockSecOps CLI supports multiple output formats for different use cases.
Format Overview
| Format | Use Case | Machine-Readable | CI Integration |
|---|---|---|---|
| table | Human terminal output | No | Limited |
| json | Scripts, custom tooling | Yes | Yes |
| sarif | GitHub/GitLab code scanning | Yes | Yes |
| junit | Test reporting, Jenkins | Yes | Yes |
Table Format (Default)
Human-readable output with colors and formatting.
blocksecops scan run contract.sol --output table
Example Output
┌──────────────────────────────────────────────────────────────────────────────┐
│ Scan Summary │
│ │
│ Status: COMPLETED │
│ Vulnerabilities: 5 │
│ 2 Critical 1 High 2 Medium │
│ │
│ Scanners: slither, aderyn, mythril │
│ Duration: 45.2s │
└──────────────────────────────────────────────────────────────────────────────┘
Vulnerabilities
┏━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┓
┃ Severity ┃ Title ┃ Location ┃ Scanner ┃
┡━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━┩
│ CRITICAL │ Reentrancy vulnerability │ Vault.sol:45 │ slither │
│ CRITICAL │ Unchecked external call │ Vault.sol:52 │ aderyn │
│ HIGH │ Missing access control │ Admin.sol:12 │ slither │
│ MEDIUM │ Floating pragma │ Token.sol:1 │ solhint │
│ MEDIUM │ Missing zero address check │ Token.sol:23 │ aderyn │
└──────────┴──────────────────────────────────────────┴──────────────────────────────┴─────────────────┘
Best For
- Interactive development
- Quick reviews
- Terminal output
JSON Format
Machine-readable JSON output.
blocksecops scan run contract.sol --output json
Example Output
{
  "scan": {
    "id": "2bff4881-edc1-46c1-b8f1-7c30960d8357",
    "contract_id": "a3c12f9e-5678-9abc-def0-123456789abc",
    "status": "completed",
    "started_at": "2026-01-04T10:30:00Z",
    "completed_at": "2026-01-04T10:31:45Z"
  },
  "summary": {
    "total_vulnerabilities": 5,
    "critical": 2,
    "high": 1,
    "medium": 2,
    "low": 0,
    "informational": 0
  },
  "scanners_used": ["slither", "aderyn", "mythril"],
  "duration_seconds": 45.2,
  "vulnerabilities": [
    {
      "id": "v-001",
      "title": "Reentrancy vulnerability",
      "description": "The function withdraw() makes an external call before updating state...",
      "severity": "critical",
      "confidence": "high",
      "category": "reentrancy",
      "file_path": "contracts/Vault.sol",
      "line_number": 45,
      "code_snippet": "payable(msg.sender).call{value: amount}(\"\");",
      "recommendation": "Use checks-effects-interactions pattern or ReentrancyGuard",
      "references": [
        "https://swcregistry.io/docs/SWC-107"
      ],
      "scanner_id": "slither"
    }
  ]
}
Usage with jq
# Get vulnerability count
blocksecops scan run contract.sol -o json | jq '.summary.total_vulnerabilities'
# List critical vulnerabilities
blocksecops scan run contract.sol -o json | jq '.vulnerabilities[] | select(.severity == "critical")'
# Extract just titles
blocksecops scan run contract.sol -o json | jq -r '.vulnerabilities[].title'
Best For
- Scripts and automation
- Custom reporting tools
- Programmatic processing
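A gate script for the JSON report, added here as an example (not BlockSecOps code): it fails closed when the output is empty, truncated or not from a completed scan, cases where `jq` on empty input simply exits 0. The field names come from the example output above; the function names, exit codes, severity ordering and the rule that any status other than `completed` is unusable are assumptions.

```python
import json

# Lowest to highest, matching the keys of "summary" in the report (assumed order).
SEVERITY_ORDER = ["informational", "low", "medium", "high", "critical"]

# Constructed sample, trimmed to the fields this gate reads.
SAMPLE_REPORT = json.dumps({
    "scan": {"status": "completed"},
    "vulnerabilities": [
        {"title": "Reentrancy vulnerability", "severity": "critical",
         "file_path": "contracts/Vault.sol", "line_number": 45},
        {"title": "Floating pragma", "severity": "medium",
         "file_path": "contracts/Token.sol", "line_number": 1},
    ],
})


def load_report(text):
    """Parse a report; raise ValueError unless it is a completed scan."""
    report = json.loads(text)  # json.JSONDecodeError is a ValueError
    if not isinstance(report, dict):
        raise ValueError("top-level value is not an object")
    scan = report.get("scan")
    status = scan.get("status") if isinstance(scan, dict) else None
    if status != "completed":
        raise ValueError(f"scan status is {status!r}, not 'completed'")
    findings = report.get("vulnerabilities")
    if not (isinstance(findings, list) and all(isinstance(f, dict) for f in findings)):
        raise ValueError("'vulnerabilities' is missing or malformed")
    return report


def gate(text, fail_on="high"):
    """Return (exit_code, blocking): 0 clean, 1 findings, 2 unusable report."""
    threshold = SEVERITY_ORDER.index(fail_on)
    try:
        report = load_report(text)
    except ValueError:
        return 2, []  # fail closed: empty or truncated output is not a pass
    blocking = []
    for f in report["vulnerabilities"]:
        sev = str(f.get("severity", "")).lower()
        # A severity label this script does not know is treated as blocking.
        if sev not in SEVERITY_ORDER or SEVERITY_ORDER.index(sev) >= threshold:
            blocking.append(f"{f.get('file_path')}:{f.get('line_number')} [{sev}] {f.get('title')}")
    return (1 if blocking else 0), blocking
```

In a pipeline, pass it the contents of the file written with `--output-file results.json` and exit with the returned code.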
SARIF Format
Static Analysis Results Interchange Format for GitHub/GitLab code scanning.
blocksecops scan run contract.sol --output sarif --output-file results.sarif
Example Output
{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "BlockSecOps",
          "version": "0.1.0",
          "informationUri": "https://blocksecops.io",
          "rules": [
            {
              "id": "reentrancy",
              "name": "Reentrancy vulnerability",
              "shortDescription": {
                "text": "Reentrancy vulnerability"
              },
              "fullDescription": {
                "text": "The function makes an external call before updating state"
              },
              "helpUri": "https://swcregistry.io/docs/SWC-107",
              "defaultConfiguration": {
                "level": "error"
              },
              "properties": {
                "severity": "critical",
                "category": "reentrancy"
              }
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "reentrancy",
          "level": "error",
          "message": {
            "text": "The function withdraw() makes an external call before updating state"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "contracts/Vault.sol"
                },
                "region": {
                  "startLine": 45,
                  "snippet": {
                    "text": "payable(msg.sender).call{value: amount}(\"\");"
                  }
                }
              }
            }
          ],
          "fixes": [
            {
              "description": {
                "text": "Use checks-effects-interactions pattern or ReentrancyGuard"
              }
            }
          ]
        }
      ]
    }
  ]
}
GitHub Actions Integration
- name: Run BlockSecOps Scan
  run: |
    blocksecops scan run ./contracts \
      --output sarif \
      --output-file results.sarif \
      --fail-on critical
- name: Upload SARIF to GitHub
  uses: github/codeql-action/upload-sarif@v2
  if: always()  # Upload even if scan found issues
  with:
    sarif_file: results.sarif
GitLab CI Integration
security_scan:
  script:
    - blocksecops scan run ./contracts --output sarif --output-file gl-sast-report.sarif
  artifacts:
    reports:
      sast: gl-sast-report.sarif
Best For
- GitHub Code Scanning
- GitLab SAST
- IDE integrations
- Standard security tool integration
JUnit Format
JUnit XML format for test reporting systems.
blocksecops scan run contract.sol --output junit --output-file results.xml
Example Output
<?xml version="1.0" ?>
<testsuites name="BlockSecOps Security Scan" tests="5" failures="3" errors="0" time="45.200">
  <testsuite name="BlockSecOps - slither" tests="3" failures="2" errors="0">
    <testcase classname="contracts.Vault.sol" name="Reentrancy vulnerability">
      <failure type="CRITICAL" message="Reentrancy vulnerability">
        Severity: CRITICAL
        Confidence: high
        Description:
        The function withdraw() makes an external call before updating state
        Code:
        payable(msg.sender).call{value: amount}("");
        Recommendation:
        Use checks-effects-interactions pattern or ReentrancyGuard
        References:
        - https://swcregistry.io/docs/SWC-107
      </failure>
      <system-out>Location: contracts/Vault.sol:45</system-out>
    </testcase>
    <testcase classname="contracts.Admin.sol" name="Missing access control">
      <failure type="HIGH" message="Missing access control">
        Severity: HIGH
        ...
      </failure>
    </testcase>
    <testcase classname="contracts.Token.sol" name="Floating pragma">
      <system-err>
        Severity: MEDIUM
        Description: Pragma version is not fixed
      </system-err>
    </testcase>
  </testsuite>
</testsuites>
Jenkins Integration
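pipeline {
  // A declarative pipeline requires an agent section; 'any' is a placeholder.
  agent any
  stages {
    stage('Security Scan') {
      steps {
        sh '''
          blocksecops scan run ./contracts \
            --output junit \
            --output-file security-results.xml \
            --fail-on high
        '''
      }
      post {
        // Publish the report even when the scan step fails the build.
        always {
          junit 'security-results.xml'
        }
      }
    }
  }
}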
Severity Mapping
| BlockSecOps Severity | JUnit Element |
|---|---|
| Critical | <failure> |
| High | <failure> |
| Medium | <system-err> |
| Low | <system-err> |
| Info | (passed test) |
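The mapping in the table above, written out as an added Python example (not the CLI's own writer) to show its consequence for CI: only Critical and High findings count toward `failures`, so a job that gates on JUnit failures alone passes with Medium and Low findings present. The function names, the constructed sample (the five findings from the table-format example) and the `classname` derivation (`/` replaced by `.`) are assumptions.

```python
import xml.etree.ElementTree as ET

# JUnit element per severity, copied from the Severity Mapping table.
# Anything not listed (Info) yields a test case with no child: a pass.
JUNIT_ELEMENT = {"critical": "failure", "high": "failure",
                 "medium": "system-err", "low": "system-err"}

# Constructed sample: the five findings from the table-format example.
SAMPLE_FINDINGS = [
    {"severity": "critical", "title": "Reentrancy vulnerability",
     "file_path": "Vault.sol", "scanner_id": "slither"},
    {"severity": "critical", "title": "Unchecked external call",
     "file_path": "Vault.sol", "scanner_id": "aderyn"},
    {"severity": "high", "title": "Missing access control",
     "file_path": "Admin.sol", "scanner_id": "slither"},
    {"severity": "medium", "title": "Floating pragma",
     "file_path": "Token.sol", "scanner_id": "solhint"},
    {"severity": "medium", "title": "Missing zero address check",
     "file_path": "Token.sol", "scanner_id": "aderyn"},
]

def to_junit(findings):
    """Build a <testsuites> tree with one <testsuite> per scanner."""
    root = ET.Element("testsuites", name="BlockSecOps Security Scan")
    suites = {}
    for f in findings:
        scanner = f["scanner_id"]
        if scanner not in suites:
            suites[scanner] = ET.SubElement(
                root, "testsuite", name=f"BlockSecOps - {scanner}")
        case = ET.SubElement(suites[scanner], "testcase", name=f["title"],
                             classname=f["file_path"].replace("/", "."))
        tag = JUNIT_ELEMENT.get(f["severity"].lower())
        if tag == "failure":
            ET.SubElement(case, tag, type=f["severity"].upper(),
                          message=f["title"])
        elif tag:
            ET.SubElement(case, tag).text = f"Severity: {f['severity'].upper()}"
    # Counters are derived from the tree, so they cannot drift from its content.
    for node in [root, *suites.values()]:
        node.set("tests", str(len(node.findall(".//testcase"))))
        node.set("failures", str(len(node.findall(".//failure"))))
    return root

def unreported_by_failures(root):
    """Titles of findings that a failures-only gate would not block on."""
    return [c.get("name") for c in root.iter("testcase")
            if c.find("system-err") is not None]
```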
Best For
- Jenkins test reports
- CI systems with JUnit support
- Test dashboard integration
Saving Output to File
All formats support file output:
# JSON to file
blocksecops scan run contract.sol --output json --output-file results.json
# SARIF to file
blocksecops scan run contract.sol --output sarif --output-file results.sarif
# JUnit to file
blocksecops scan run contract.sol --output junit --output-file results.xml
You can also redirect stdout:
blocksecops scan run contract.sol --output json > results.json
Format Comparison
| Feature | Table | JSON | SARIF | JUnit |
|---|---|---|---|---|
| Human-readable | Yes | No | No | No |
| Colors | Yes | No | No | No |
| Machine-parseable | No | Yes | Yes | Yes |
| GitHub Code Scanning | No | No | Yes | No |
| GitLab SAST | No | No | Yes | No |
| Jenkins | No | No | No | Yes |
| Custom scripts | No | Yes | No | No |
Next Steps
- CLI Commands - Full command reference
- CI/CD Integration - Pipeline setup
- GitHub Actions - GitHub workflow