brakeman
Where can I find a description of the JSON report's file format?
I want to set up some processing code for the JSON report of brakeman, but I can't find any good data on what the individual entries in the `errors` and `warnings` arrays look like.
I mean, I can get some example warnings from a basic scan... but what fields are guaranteed to exist? What variations are there in the `location` field? And is an `error` entry going to have that same structure?
The reporter code itself is not very illustrative: https://github.com/presidentbeef/brakeman/blob/master/lib/brakeman/report/report_json.rb
Is there an example file that you could post?
Hi @ianfixes,
Unfortunately there isn't existing documentation for JSON reports, although they are the most reliable and stable format for Brakeman reports. There is/was a JSON schema for Brakeman Pro but I discovered even that is incomplete.
Some notes below to get you started.
Reports will always have:

- `errors` (array)
- `ignored_warnings` (array of warnings)
- `obsolete` (array of strings)
- `scan_info` (table of info... these keys are stable)
- `warnings` (array of warnings)
Warnings will always have at least:

- `check_name`
- `confidence`
- `file`
- `fingerprint`
- `line`
- `link`
- `message`
- `warning_code`
- `warning_type`
Warning location (which I would not rely on too heavily) is built here.
Errors will have:

- `error` (String)
- `location` (String)
The formats for errors are not very standard (a bit of a pain point honestly).
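As an added example (not code from this thread or from Brakeman itself), a small Python ingester that checks a report for exactly the guaranteed keys listed in the answer above and flattens warnings and errors into uniform records, keeping `file`/`line` for warnings and only the free-form `location` string for errors. The sample report and all of its values are constructed, not real Brakeman output.

```python
import json

# Guaranteed shape of a Brakeman JSON report, as listed in the answer above.
# Anything beyond these keys is treated as optional by the ingester.
REPORT_KEYS = {
    "errors": list,
    "ignored_warnings": list,
    "obsolete": list,
    "scan_info": dict,
    "warnings": list,
}
WARNING_KEYS = ("check_name", "confidence", "file", "fingerprint", "line",
                "link", "message", "warning_code", "warning_type")
ERROR_KEYS = ("error", "location")

def validate_report(report):
    """Return a list of problems; empty means every guaranteed key is present."""
    problems = []
    for key, typ in REPORT_KEYS.items():
        if key not in report:
            problems.append(f"missing top-level key {key!r}")
        elif not isinstance(report[key], typ):
            problems.append(f"{key!r} is not a {typ.__name__}")
    for section in ("warnings", "ignored_warnings"):
        for i, w in enumerate(report.get(section) or []):
            problems += [f"{section}[{i}] missing {k!r}" for k in WARNING_KEYS if k not in w]
    for i, e in enumerate(report.get("errors") or []):
        problems += [f"errors[{i}] missing {k!r}" for k in ERROR_KEYS if k not in e]
    return problems

def ingest(report):
    """Flatten warnings and errors into uniform records. Warnings carry a
    file:line reference; errors only have a free-form location string."""
    findings = [{"kind": "warning", "id": w["fingerprint"], "type": w["warning_type"],
                 "confidence": w["confidence"], "where": f"{w['file']}:{w['line']}",
                 "message": w["message"]} for w in report["warnings"]]
    findings += [{"kind": "error", "id": None, "type": "scan_error", "confidence": None,
                  "where": e["location"], "message": e["error"]} for e in report["errors"]]
    return findings

# Constructed sample report: the values are made up, not real Brakeman output.
SAMPLE = json.loads("""{
  "scan_info": {"brakeman_version": "0.0.0-sample"},
  "warnings": [{"warning_type": "SQL Injection", "warning_code": 0, "check_name": "SQL",
    "fingerprint": "deadbeef", "message": "Possible SQL injection", "confidence": "Medium",
    "file": "app/models/user.rb", "line": 12, "link": "https://example.invalid/sql"}],
  "ignored_warnings": [],
  "errors": [{"error": "parse failed", "location": "app/models/broken.rb"}],
  "obsolete": []
}""")
```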
This is great actually. Knowing that I can depend on `file`/`line` for warnings (but not for errors at all) means my ingestion algorithm is as complete as it can ever be.
I'll leave this issue open in case you want it for tracking purposes (i.e. to eventually put this info into the documentation) but your answer resolves my question.