ounce:report

Description

The ounce:report goal generates a report from an assessment. If you do not specify an existing assessment, ounce:report runs ounce:scan before generating the report. Run ounce:report from the command line.

Specify the report parameters described in reportType Values and reportOutputType Values. If you specify the reportType, you must also specify reportOutputType and reportOutputPath.

reportType Values

  • A Findings report:
    • Findings by Bundle
    • Findings by API
    • Findings by Classification
    • Findings
    • DTS Activity
    • Findings by Type
    • Findings by CWE
    • Findings by File
  • An AppScan® Source report:
    • CWE SANS Top 25 2011
    • DISA Application Security and Development STIG V4R4
    • OWASP Mobile Top 10
    • OWASP Top 10 2013
    • PCI Data Security Standard V3.2
    • Software Security Profile
  • A custom report, if available.

reportOutputType Values

  • Specify one of the following formats for this report:
    • html: Generates the report as HTML and displays it online.
    • zip: Creates a ZIP file that contains all HTML report components.
  • For reports in PDF format, you can specify the level of detail:
    • pdf-summary: Contains counts for each custom report group.
    • pdf-detailed: Contains counts for each API for each vulnerability property.
    • pdf-comprehensive: Contains tables consisting of every finding for every API.
    • pdf-annotated: Generates an annotated report as a PDF file. Contains all findings, any notes included with the findings, and designated code snippets.
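
The following shell wrapper is an added example, not part of the original documentation or the plugin. It checks the parameter rule from the Description (a reportType requires reportOutputType and reportOutputPath) and the reportOutputType values listed above before Maven is started. The -Dounce.* property names and the MVN override variable are assumptions.

```shell
#!/bin/sh
# Added example, not IBM's code. ASSUMPTION: the -Dounce.* property names are
# not stated on this page; confirm them for your plugin version.

# Formats listed under "reportOutputType Values".
OUNCE_OUTPUT_TYPES="html zip pdf-summary pdf-detailed pdf-comprehensive pdf-annotated"

# ounce_report_args REPORT_TYPE OUTPUT_TYPE OUTPUT_PATH
# Prints one Maven argument per line (report names contain spaces).
ounce_report_args() {
    rtype=$1; otype=$2; opath=$3
    if [ -z "$rtype" ]; then
        echo "reportType is empty" >&2; return 1
    fi
    # Rule from the page: reportType requires the other two parameters.
    if [ -z "$otype" ] || [ -z "$opath" ]; then
        echo "reportOutputType and reportOutputPath are required" >&2; return 1
    fi
    # Reject anything that is not a single lowercase token, then allow-list it.
    case $otype in *[!a-z-]*) echo "bad reportOutputType: $otype" >&2; return 1 ;; esac
    case " $OUNCE_OUTPUT_TYPES " in
        *" $otype "*) ;;
        *) echo "unsupported reportOutputType: $otype" >&2; return 1 ;;
    esac
    printf '%s\n' "ounce:report" "-Dounce.reportType=$rtype" \
        "-Dounce.reportOutputType=$otype" "-Dounce.reportOutputPath=$opath"
}

# Runs Maven with the validated arguments. MVN is a hypothetical override
# used here so the wrapper can be exercised without Maven installed.
run_ounce_report() {
    args=$(ounce_report_args "$@") || return 1
    old_ifs=$IFS
    IFS='
'
    set -f    # split on newlines only, no globbing
    ${MVN:-mvn} $args && rc=0 || rc=$?
    set +f; IFS=$old_ifs
    return $rc
}
```

Call it as run_ounce_report "OWASP Top 10 2013" pdf-summary /path/to/report.pdf; each value reaches Maven as one argument even though the report name contains spaces.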