vulkro formats
Print the catalogue of standards-based output formats and the exact
specification version each emitter targets (SARIF, CycloneDX, SPDX,
JUnit). Use it to confirm, in a script or a compliance checklist,
precisely which spec version a given --format produces.
The catalogue is generated from the emitter source
(src/output/sarif.rs, src/output/sbom.rs), so it can never drift
from what the binary actually writes. The version table on the
Output formats page is rendered from this same
catalogue and held in sync by a build-time drift check.
Fully offline. No license gate. Exit code 0.
Usage
vulkro formats # human-readable table (default)
vulkro formats --format json # stable machine-readable catalogue
vulkro formats --format markdown # regenerate the docs version table
Flags
| Flag | Description |
|---|---|
--format <table|json|markdown> | table (default) prints a terminal summary; json emits a stable { schema_version, formats[] } object for tooling; markdown prints the table embedded on the Output formats page. |
Output
--format json is stable and versioned (schema_version: 1):
{
"schema_version": 1,
"formats": [
{ "id": "sarif", "name": "SARIF", "spec_version": "2.1.0",
"spec_url": "https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html",
"extension": ".sarif" },
{ "id": "cyclonedx", "name": "CycloneDX SBOM", "spec_version": "1.6", "...": "..." }
]
}
Only the formats with an external, versioned specification appear here.
Plain emitters with no spec version (csv, ndjson, the PR-comment
formats) are documented in prose on the Output formats
page.
Related
- Output formats - every
--formatvalue, with the generated spec-version table this command feeds.