Features
STRIDE Detection IaC Support Rego Policy Engine AI Analysis Discovery & DFDs CI/CD Integration Output Formats Plugin System Threat Tracking Performance
Security Documentation
Documentation Get Started
Reporting

Output Formats

Generate findings in JSON, YAML, SARIF, Markdown, PDF, and Table formats. Professional PDF reports with charts, custom branding, and AI-enhanced content.

Machine-Readable

JSON and YAML formats for CI/CD pipelines, automation, and programmatic consumption.

SARIF Integration

Industry-standard SARIF format for GitHub Advanced Security, IDE integration, and tool interoperability.

PDF Reports

Professional-grade PDF reports with charts, visualizations, custom branding, and AI-enhanced content.

Flexible Output

Markdown for documentation and pull request comments. Table format for quick terminal review.

Supported Formats

Generate findings in the format your workflow needs:

FormatFlagUse Case
JSON--format jsonMachine-readable, CI/CD pipelines, programmatic consumption
YAML--format yamlHuman-readable, git-friendly diffs
SARIF--format sarifGitHub Advanced Security, IDE integration, tool interoperability
Markdown--format markdownDocumentation, pull request comments
PDF--format pdfExecutive reports, compliance documentation, stakeholder presentations
Table--format tableTerminal summary, quick review

PDF Reports

Professional-grade PDF reports with:

  • Report types: Technical detail, executive summary, compliance, delta (changes between scans)
  • Charts and visualizations: Severity distribution, STRIDE category breakdown, resource heatmaps
  • Custom branding: Logo, color scheme, headers/footers, organization name
  • AI-enhanced content: Detailed remediation steps, code examples, implementation effort estimates

SARIF for GitHub Security

Upload results directly to GitHub Advanced Security:

1
2
3
4
5
6
7

# GitHub Actions
- name: Scan infrastructure
  run: threatmitigator scan terraform ./infra --format sarif --output results.sarif
- name: Upload to GitHub Security
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif

Usage Examples

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

# JSON for CI/CD pipelines
threatmitigator scan terraform ./infra --format json --output threats.json

# YAML for version control
threatmitigator scan terraform ./infra --format yaml --output threats.yaml

# Markdown for documentation
threatmitigator scan terraform ./infra --format markdown --output report.md

# PDF executive report
threatmitigator scan terraform ./infra --format pdf --output report.pdf

# Table for quick terminal review
threatmitigator scan terraform ./infra --format table

See it in action

Generate findings in the format your workflow needs, from machine-readable JSON to executive PDF reports.

Demo

Ready to Secure Your Infrastructure?

Join teams already using ThreatMitigator to identify security threats in their Terraform, CloudFormation, Docker, and Helm configurations.

Get Started Free View Documentation