ounce:report
Description
The ounce:report
goal
generates a report from an assessment. If you do not specify an existing
assessment, ounce:report
runs ounce:scan
before
generating the report. Run ounce:report
from the
command line.
Specify the report parameters described in reportType Values
and reportOutputType Values. If you specify the
reportType
, you must also specify reportOutputType
and
reportOutputPath
. You can also choose to include remediation information in
the report.
reportType
Values
- A Findings report:
Findings
Findings by Fix Group
Findings by Type
Findings by Classification
Findings by File
Findings by API
Findings by Bundle
Findings by CWE
DTS Activity
- An AppScan®
Source report:
2021 CWE Top 25 Most Dangerous Software Weaknesses
DISA Application Security and Development STIG V5R1
DISA Application Security and Development STIG V5R3
OWASP API Security Top 10 2023
OWASP API Security Top 10 2019
OWASP Mobile Top 10
OWASP Top 10 2017
OWASP Top 10 2021
PCI Data Security Standard V3.2
Software Security Profile
- A custom report, if available.
reportOutputType
Values
- Specify one of the following formats for this report:
html
: Generates the report as HTML and displays it online.zip
: Creates a ZIP file that contains all HTML report components.
- For reports in PDF format, you can specify the level of detail:
pdf-summary
: Contains counts for each custom report grouppdf-detailed
: Contains counts for each API for each vulnerability propertypdf-comprehensive
: Contains tables consisting of every finding for every APIpdf-annotated
: Contains all findings, any notes included with the findings, and designated code snippetspdf-annotated
: Generates an annotated report as a PDF file.
Remediation information
Include How to Fix information in the report for remediation of
findings:
- Command line
variable:
-Dounce.includeHowToFix
- Example:
-Dounce.includeHowToFix=true