GenerateReport
Description
Create a report from an assessment.
Syntax
ounceauto GenerateReport
-assessment <assessment path>
-type <report type>
-output <output format>
-file <output location>
[-caller <caller>]
[-includeHowToFix]
[-includeSrcBefore <n>]
[-includeSrcAfter <n>]
[-includeTraceDefinitive]
[-includeTraceSuspect]
[-includeTraceCoverage]
-assessment <assessment path>
: Path to the assessment file for which you want to generate the report.-type "<report type>"
: Name of the report type in double quotation marks. Report types consist of Findings reports, AppScan® Source reports, and custom reports.AppScan® Source report types include:
- A Findings report:
Findings
Findings by Fix Group
Findings by Type
Findings by Classification
Findings by File
Findings by API
Findings by Bundle
Findings by CWE
DTS Activity
- An AppScan®
Source report:
2021 CWE Top 25 Most Dangerous Software Weaknesses
DISA Application Security and Development STIG V5R1
DISA Application Security and Development STIG V5R3
OWASP API Security Top 10 2023
OWASP API Security Top 10 2019
OWASP Mobile Top 10
OWASP Top 10 2017
OWASP Top 10 2021
PCI Data Security Standard V3.2
Software Security Profile
- A custom report, if available.
When entering the report type, in double quotation marks, enter the exactly as specified in the above list - for example
Findings by Classification
orSoftware Security Profile
.- A Findings report:
-output <output format>
: Specify one of these formats for this report,html
: Generates the report as HTML and displays it online.zip
: Creates a ZIP file that contains all HTML report components- For reports in PDF format, you can specify the level of detail:
pdf-summary
: Contains counts for each custom report grouppdf-detailed
: Contains counts for each API for each vulnerability propertypdf-comprehensive
: Contains tables consisting of every finding for every APIpdf-annotated
: Contains all findings, any notes included with the findings, and designated code snippetsoutput location
: The file path to write the report.
-file <output location>
: Specify the path and file name to which you want to save the report.-caller <caller>
: Optional. Assign a caller to the report generation operation. The caller can be the name of an actual user, but this is not required. The caller name is written to theounceauto
log file.-includeHowToFix
: Optional. Include advisory information for how to address and correct findings.-includeSrcBefore <n>
: Optional. The number of lines of source code to include before each finding.-includeSrcAfter <n>
: Optional. The number of lines of source code to include after each finding.-includeTraceDefinitive
: Optional. Include trace information in the report for definitive findings (see Classifications to learn about findings classifications).-includeTraceSuspect
: Optional. Include trace information in the report for suspect findings.-includeTraceCoverage
: Optional. Include trace information in the report for scan coverage findings.
Return Value
The Request ID if successful, or -1 if the request submission was unsuccessful.
Examples
- Generate a Findings by API report as an HTML file. In the report,
include trace information for definitive findings:
ounceauto generatereport -assessment C:\Ounce\Data\Webgoat.ozasmt -type "Findings by API" -output html -file C:\reports\Webgoat_Findings.html -includeTraceDefinitive
- To generate an OWASP Top 10 2013 AppScan®
Source report
as a PDF:
ounceauto generatereport -assessment C:\Ounce\Data\Webgoat.ozasmt -type "OWASP Top 10 2013" -output pdf-annotated -file C:\Reports\Webgoat_OWASP.pdf