Output Formats

The scanner supports 10 output formats, selected with --format.

| Format | --format value | File extension | Primary use case |
|---|---|---|---|
| Markdown (default) | markdown | .md | Console output, MR/PR comments, wiki pages |
| JSON | json | .json | Programmatic processing, custom CI dashboards |
| HTML | html | .html | Stakeholder reports (dark/light mode) |
| SARIF 2.1.0 | sarif | .sarif | GitHub Code Scanning, security aggregators |
| GitLab SAST | gl-sast / gitlab-sast | .json | GitLab Security Dashboard, MR security widget |
| JUnit XML | junit | .xml | GitLab/Jenkins reports:junit tab |
| XML (generic) | xml | .xml | Enterprise XML-based tools |
| YAML | yaml | .yml | YAML-driven config pipelines |
| CSV | csv | .csv | Spreadsheets, Excel, data analysis |
| CycloneDX 1.5 SBOM | cyclonedx / sbom | .cdx.json | Dependency-Track, GitHub Dependency Graph, Snyk |

The CycloneDX output is a full SBOM of the Ansible project: Galaxy collections, roles, pip packages, bindep system packages, and execution-environment container images. Each component is mapped to a standard purl, and the scanner's findings are included as CycloneDX vulnerabilities[] entries, so downstream consumers get both inventory and risk in a single document.
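As an added example (not part of the scanner or its documentation), this Python code shows how a downstream consumer could join vulnerabilities[] entries to components and gate a pipeline on severity. The sample BOM is constructed, and the code assumes findings reference components through the standard CycloneDX affects[].ref / bom-ref link; findings with an unresolved ref or no rating are kept and fail closed.

```python
import json

# CycloneDX severity values, ranked. Policy choice in this example:
# "unknown" ranks with "critical" so unrated findings fail closed.
RANK = {"none": 0, "info": 1, "low": 2, "medium": 3, "high": 4,
        "critical": 5, "unknown": 5}

# Constructed sample in CycloneDX 1.5 shape (not real scanner output).
SAMPLE_BOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"bom-ref": "c1", "type": "library", "name": "jinja2", "version": "3.1.0",
     "purl": "pkg:pypi/jinja2@3.1.0"},
    {"bom-ref": "c2", "type": "container", "name": "ee-example",
     "purl": "pkg:oci/ee-example@sha256%3Aconstructed"}
  ],
  "vulnerabilities": [
    {"id": "EXAMPLE-001", "ratings": [{"severity": "high"}], "affects": [{"ref": "c1"}]},
    {"id": "EXAMPLE-002", "ratings": [{"severity": "low"}], "affects": [{"ref": "c1"}]},
    {"id": "EXAMPLE-003", "ratings": [{"severity": "critical"}], "affects": [{"ref": "gone"}]},
    {"id": "EXAMPLE-004", "affects": [{"ref": "c2"}]}
  ]
}""")

def severity(vuln):
    """Highest rated severity of one finding; 'unknown' when ratings are absent."""
    rated = [r.get("severity", "unknown") for r in vuln.get("ratings", [])]
    return max(rated, key=lambda s: RANK.get(s, RANK["unknown"]), default="unknown")

def findings_by_component(bom):
    """Map purl (or bom-ref when no purl) -> [(finding id, severity)].
    Findings whose ref matches no component are kept under the key None."""
    by_ref = {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}
    out = {}
    for v in bom.get("vulnerabilities", []):
        for a in v.get("affects") or [{}]:
            comp = by_ref.get(a.get("ref"))
            key = (comp.get("purl") or comp["bom-ref"]) if comp else None
            out.setdefault(key, []).append((v.get("id", "?"), severity(v)))
    return out

def gate(bom, threshold="high"):
    """Sorted ids of findings at or above the threshold; non-empty means fail."""
    return sorted({vid for hits in findings_by_component(bom).values()
                   for vid, sev in hits
                   if RANK.get(sev, RANK["unknown"]) >= RANK[threshold]})

if __name__ == "__main__":
    print(findings_by_component(SAMPLE_BOM))
    print("blocking:", gate(SAMPLE_BOM))
```
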

# --format is inferred from --output if omitted, so these two are equivalent:
ansible-security-scanner --output security_report.json
ansible-security-scanner --format json --output security_report.json

Explicit examples for every supported format:

# Default format - prints to console
ansible-security-scanner --format markdown
ansible-security-scanner --format json      --output security_report.json
ansible-security-scanner --format html      --output security_report.html
ansible-security-scanner --format sarif     --output results.sarif
ansible-security-scanner --format gl-sast   --output gl-sast-report.json
ansible-security-scanner --format junit     --output reports/security-results.xml
ansible-security-scanner --format csv       --output findings.csv
ansible-security-scanner --format cyclonedx --output sbom.cdx.json

Per-file reports (1:1 input:output, every scanned file gets a report):

ansible-security-scanner --directory ansible/ --output-per-file --format markdown
# Writes ./security-reports/site.yml.md, ./security-reports/roles/web/tasks/main.yml.md, etc.