Configuring Output Formats and Reporting

Trivy supports multiple output formats to integrate with different tools and workflows. The default table format provides human-readable results, while JSON and SARIF formats enable programmatic processing:

# Table format (default)
trivy image alpine:latest

# JSON format for programmatic processing
trivy image --format json --output results.json alpine:latest

# SARIF format for IDE integration
trivy image --format sarif --output results.sarif alpine:latest

# Template for custom formats (the @ prefix loads the template from a file)
trivy image --format template --template "@contrib/gitlab.tpl" alpine:latest

# CycloneDX SBOM format (Trivy writes CycloneDX as JSON)
trivy image --format cyclonedx --output sbom.cdx.json alpine:latest
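
The JSON report written by the `--format json` command above can drive a CI gate. The script below is an added example, not part of the original page or of the Trivy project: the function names `findings` and `gate`, the policy of failing only on findings that have a fix, and the embedded sample report (constructed, with placeholder IDs) are assumptions.

```python
import json
import sys
from pathlib import Path

SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample shaped like `trivy image --format json` output.
# IDs, packages and versions are placeholders, not real findings.
SAMPLE_REPORT = {
    "ArtifactName": "alpine:latest",
    "Results": [
        {"Target": "alpine:latest (alpine)", "Type": "alpine", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "FixedVersion": "1.0.1-r0", "Severity": "CRITICAL"},
            # No FixedVersion: nothing to upgrade to yet.
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample",
             "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "toolexample",
             "FixedVersion": "2.4-r0", "Severity": "LOW"},
        ]},
        # A target without findings can omit the "Vulnerabilities" key.
        {"Target": "app/requirements.txt", "Type": "pip"},
    ],
}

def findings(report, min_severity="HIGH"):
    """Flatten every Result and keep findings at or above min_severity."""
    floor = SEVERITY_ORDER.index(min_severity)
    kept = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            sev = vuln.get("Severity", "UNKNOWN")
            rank = SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else 0
            if rank >= floor:
                kept.append({"target": result.get("Target", ""), "severity": sev,
                             "id": vuln.get("VulnerabilityID", ""),
                             "pkg": vuln.get("PkgName", ""),
                             "fixed": vuln.get("FixedVersion") or None})
    return kept

def gate(report, min_severity="HIGH"):
    """CI exit status: 1 if any kept finding has a fix to apply, else 0."""
    return 1 if any(f["fixed"] for f in findings(report, min_severity)) else 0

if __name__ == "__main__":
    report = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_REPORT
    for f in findings(report):
        print(f["severity"], f["id"], f["pkg"], "fix:", f["fixed"] or "none")
    sys.exit(gate(report))
```

Run it with the path to results.json as the only argument; with no argument it processes the embedded sample.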

Custom templates enable tailored reporting for specific requirements:

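# Create custom template file: report.tpl
# The template input is the list of scan results; each result carries its own
# .Vulnerabilities list, so a nested range is needed to reach the findings.
cat << 'EOF' > report.tpl
{{ range . }}
{{ range .Vulnerabilities }}
Vulnerability ID: {{ .VulnerabilityID }}
Package: {{ .PkgName }}
Severity: {{ .Severity }}
Fixed Version: {{ .FixedVersion }}
---
{{ end }}
{{ end }}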
EOF

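# Use custom template (the @ prefix reads the template from a file; without it
# the argument itself is treated as the template text)
trivy image --format template --template "@report.tpl" alpine:latest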