Reports
Export findings in four formats, from a quick markdown summary to a consultancy-grade PDF.
Reports are generated from the issues and scan data already in .ohpentesting/. Run opt scan first, then generate a report in any format:
opt report --format markdown   # default
opt report --format json
opt report --format sarif
opt report --format pdf

# Combine formats in one pass
opt report --format markdown,json,sarif

Output files are written to .ohpentesting/reports/ with a timestamp in the filename.

.md (--format markdown)
A structured narrative report: executive summary, findings by severity, per-issue analysis, and remediation status. Drop it into Notion, Confluence, or a GitHub issue.

.json (--format json)
Full structured output of every scan, issue, agent run, and verification result. Feed it into your own dashboards, compliance pipelines, or CI checks.

.sarif (--format sarif)
The Static Analysis Results Interchange Format. Upload to GitHub Code Scanning, Snyk, Sonatype, or any SARIF-compatible viewer to get inline annotations on your PRs.

.pdf (--format pdf)
A polished, print-ready penetration test deliverable. Suitable for handing to clients, legal, or compliance teams. Includes scope, methodology, findings table, and appendices.

Upload the SARIF report to GitHub to get inline annotations on pull requests and a persistent security overview on your repo:

opt report --format sarif

# Upload via the GitHub CLI.
# The API expects the SARIF file gzip-compressed, then Base64-encoded on one line.
# If several reports exist, name the one to upload instead of using the glob.
gh api \
  --method POST \
  -H "Accept: application/vnd.github+json" \
  /repos/OWNER/REPO/code-scanning/sarifs \
  -f commit_sha="$(git rev-parse HEAD)" \
  -f ref="$(git symbolic-ref HEAD)" \
  -f sarif="$(gzip -c .ohpentesting/reports/*.sarif | base64 | tr -d '\n')"

Or add an upload-sarif step to your GitHub Actions workflow using the github/codeql-action/upload-sarif action.
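
A pre-upload check for the SARIF report, as an added example that is not part of oh-pen-testing: it counts results by level to decide whether a CI job should fail, and builds the gzip-then-Base64 payload that the code-scanning API's sarif field takes. The sample log and rule IDs are constructed, and the code assumes the report follows SARIF 2.1.0; level resolution is simplified (explicit level, then the rule's default, then warning).

```python
import base64
import gzip
import json
from collections import Counter

# Constructed sample in SARIF 2.1.0 shape; not real output from the tool.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "EX001", "defaultConfiguration": {"level": "error"}},
            {"id": "EX002"},
        ]}},
        "results": [
            {"ruleId": "EX001", "message": {"text": "constructed finding A"}},
            {"ruleId": "EX002", "level": "note", "message": {"text": "constructed finding B"}},
            {"ruleId": "EX002", "message": {"text": "constructed finding C"}},
        ],
    }],
}

def effective_level(result, rules_by_id):
    """Resolve a level: explicit value, then the rule default, then 'warning'."""
    if "level" in result:
        return result["level"]
    rule = rules_by_id.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def count_levels(sarif):
    """Count results per level across every run in the log."""
    counts = Counter()
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules") or []
        rules_by_id = {r["id"]: r for r in rules if "id" in r}
        for result in run.get("results") or []:  # "results" may be null
            counts[effective_level(result, rules_by_id)] += 1
    return counts

def should_fail(counts, blocking=("error",)):
    """Gate decision: fail the job when any blocking level is present."""
    return any(counts.get(level, 0) > 0 for level in blocking)

def encode_for_upload(sarif):
    """gzip, then Base64: the encoding the code-scanning 'sarif' field expects."""
    raw = json.dumps(sarif).encode("utf-8")
    return base64.b64encode(gzip.compress(raw)).decode("ascii")

if __name__ == "__main__":
    counts = count_levels(SAMPLE_SARIF)
    print(dict(counts), "fail" if should_fail(counts) else "pass")
```

To run it against a real report, load the file with json.load and pass the result to count_levels in place of SAMPLE_SARIF.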