Exporting reports

ShieldX can export the most recent scan, or any entry in scan history, to one of six formats.

Entry points

  • From the dashboard: click Export in the header. A quick-pick lists the supported formats and writes the file to the location you choose.
  • From history: open any history entry and use Export this scan.
  • Default format: shieldx.reportFormat pre-selects the option in the picker.

Formats

Markdown

Human-readable summary suitable for code review, PR comments, and ticketing systems. Includes the executive overview, per-extension findings, and recommendations.

JSON

Stable structured output. Use for programmatic ingestion or to diff scans in CI.

HTML

Self-contained file with embedded fonts and styles. Good for sharing with others.

PDF

Renders the HTML report through a Chrome/Chromium binary.

  • Requires Chrome, Chromium, Edge, or Brave on PATH, or shieldx.pdfBrowserPath pointing to a binary.
  • The command-palette picker shows PDF only when it is supported on the current machine.
  • If a PDF export is requested from the UI without browser support, ShieldX falls back to HTML and shows a notice.

CSV

One row per extension with key fields. Useful for spreadsheets and inventory dashboards.

SARIF

Static Analysis Results Interchange Format. Use with code-scanning UIs that ingest SARIF (GitHub Advanced Security, Azure DevOps, etc.). Each finding is mapped to a SARIF result with a rule ID derived from the underlying signal.
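
A CI gate over a SARIF export, as an added example that is not ShieldX's own code: it counts results per rule ID and level and returns a failing exit code at a chosen severity. It relies only on the SARIF 2.1.0 schema; the sample log, its rule IDs, and the function names are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample: a minimal SARIF 2.1.0 log. The rule IDs and extension
# names are made up for illustration and are not real ShieldX output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "EXAMPLE-UNVERIFIED-PUBLISHER", "level": "warning",
             "message": {"text": "example.ext-a: publisher not verified"}},
            {"ruleId": "EXAMPLE-KNOWN-VULN-DEP", "level": "error",
             "message": {"text": "example.ext-b: vulnerable dependency"}},
            # No "level" key: this example falls back to "warning", the SARIF
            # default when no rule configuration says otherwise.
            {"ruleId": "EXAMPLE-UNVERIFIED-PUBLISHER",
             "message": {"text": "example.ext-c: publisher not verified"}},
        ],
    }],
})

SEVERITY = {"none": 0, "note": 1, "warning": 2, "error": 3}

def summarize(sarif_text):
    """Count results per (ruleId, level) across every run in the log."""
    log = json.loads(sarif_text)
    if log.get("version") != "2.1.0":
        raise ValueError("expected a SARIF 2.1.0 log")
    counts = Counter()
    for run in log.get("runs", []):
        # "results" may be null when the tool could not produce any
        for result in run.get("results") or []:
            level = result.get("level", "warning")
            counts[(result.get("ruleId", "<no ruleId>"), level)] += 1
    return counts

def gate(sarif_text, fail_at="error"):
    """Return (exit_code, offending) for results at or above fail_at."""
    threshold = SEVERITY[fail_at]
    offending = {key: n for key, n in summarize(sarif_text).items()
                 if SEVERITY.get(key[1], SEVERITY["warning"]) >= threshold}
    return (1 if offending else 0), offending

if __name__ == "__main__":
    code, offending = gate(SAMPLE_SARIF)
    for (rule, level), n in sorted(offending.items()):
        print(f"{level}: {rule} x{n}")
    raise SystemExit(code)
```

In a pipeline, read the exported file in place of SAMPLE_SARIF and use the returned exit code as the job result.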

What is included

Every export contains:

  • Scan timestamp and ShieldX version
  • Per-extension entry: ID, version, publisher, risk score, risk level, trust signals, risk factors, recommendation
  • Policy violations from the same scan, when a policy file is present

Markdown, HTML, and PDF additionally include an executive summary paragraph.

What is not included

  • Raw HTTP responses from OSV or npm
  • Source code of scanned extensions
  • File paths outside the extension package