Reports
Generate HTML, JSON, and SARIF reports from scan results
Generate During Scan
# HTML report
tachyonic scan --target ... --provider anthropic --format html --output report.html
# SARIF for CI/CD
tachyonic scan --target ... --provider anthropic --format sarif --output results.sarif
# JSON (default)
tachyonic scan --target ... --provider anthropic --output results.json
Generate After Scan
Already have a JSON scan result? Convert it to another format:
# JSON → HTML
tachyonic report --input results.json --format html --output report.html
# JSON → SARIF
tachyonic report --input results.json --format sarif --output results.sarif
HTML Report
Self-contained single-file HTML with:
- Executive summary with resistance score
- Severity breakdown (critical, high, medium, low, info)
- Individual findings with payload, response, and evidence
- Remediation guidance per OWASP category
- Cost summary (tokens, estimated spend)
Open directly in a browser — no server needed.
SARIF Report
Static Analysis Results Interchange Format. Compatible with:
- GitHub Code Scanning (upload via github/codeql-action/upload-sarif)
- GitLab SAST
- Azure DevOps
- VS Code SARIF Viewer extension
GitHub Code Scanning Example
- name: Run Tachyonic scan
  run: |
    tachyonic scan \
      --target ${{ secrets.TARGET_URL }} \
      --provider anthropic \
      --format sarif \
      --output results.sarif
- name: Upload SARIF
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif
JSON Report Structure
{
  "scan": {
    "id": "uuid",
    "target": "https://...",
    "started_at": "ISO8601",
    "completed_at": "ISO8601",
    "duration_ms": 16817,
    "attacks_executed": 88,
    "vulnerabilities_found": 2,
    "results": [
      {
        "attack_name": "Tool Parameter Manipulation",
        "category": "tool_abuse",
        "severity": "high",
        "success": true,
        "confidence": 1.0,
        "evidence": "...",
        "payload": "...",
        "response": "...",
        "triage": {
          "verdict": "confirmed",
          "matched_heuristics": ["TP-INFO-LEAK"]
        }
      }
    ]
  },
  "score": {
    "total": 97,
    "rating": "excellent",
    "category_scores": { ... }
  },
  "remediations": [ ... ]
}
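
A CI gate that reads the JSON report structure above and fails the build on confirmed findings, as an added example (not part of Tachyonic or its documentation). The function names, thresholds and sample entries are assumptions constructed for illustration; only the field names and the "confirmed" verdict come from this page.

```python
import json
import sys

# Severity order taken from the HTML report's severity breakdown on this page.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample in the shape of the JSON report structure shown above.
SAMPLE_REPORT = {
    "scan": {
        "results": [
            {"attack_name": "Tool Parameter Manipulation", "category": "tool_abuse",
             "severity": "high", "success": True, "confidence": 1.0,
             "triage": {"verdict": "confirmed", "matched_heuristics": ["TP-INFO-LEAK"]}},
            {"attack_name": "constructed-low-finding", "severity": "low",
             "success": True, "confidence": 0.9, "triage": {"verdict": "confirmed"}},
            {"attack_name": "constructed-blocked", "severity": "critical", "success": False},
        ],
    },
    "score": {"total": 97, "rating": "excellent"},
}


def blocking_findings(report, min_severity="high", min_confidence=0.8):
    """Return successful findings at or above min_severity that should fail the build."""
    threshold = SEVERITY_RANK[min_severity]
    blocking = []
    for result in report.get("scan", {}).get("results", []):
        # Unknown severity strings rank as critical so they are never silently ignored.
        rank = SEVERITY_RANK.get(str(result.get("severity", "")).lower(), 4)
        # Assumption: a missing triage block counts as confirmed (fail closed).
        verdict = (result.get("triage") or {}).get("verdict", "confirmed")
        if (result.get("success") is True and rank >= threshold
                and result.get("confidence", 1.0) >= min_confidence
                and verdict == "confirmed"):
            blocking.append(result)
    return blocking


def gate(report, min_score=90, **kwargs):
    """Return (exit_code, findings): 1 if anything blocks or the score is too low."""
    findings = blocking_findings(report, **kwargs)
    score = report.get("score", {}).get("total", 0)  # missing score fails the gate
    return (1 if findings or score < min_score else 0), findings


if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REPORT
    code, found = gate(data)
    print("\n".join(f"{f['severity']}: {f['attack_name']}" for f in found))
    sys.exit(code)
```

Run it with the path to results.json as the only argument; with no argument it evaluates the constructed sample.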