DevOps5 min read

Vibgrate Output Formats: Text, JSON, SARIF, and Markdown for Every Workflow

Different consumers need different formats. Developers want terminal output. CI systems want SARIF. Managers want Markdown. Automation pipelines want JSON. Vibgrate supports all four — here's when to use each and how to generate them.

Luke Geaves

Luke Geaves

Vibgrate Blog

Four Formats, One Source of Truth

Every Vibgrate scan produces the same underlying data — scores, findings, dependency details, risk levels. What changes is how that data is presented. The --format flag lets you choose the right output for your audience and workflow.

Text (Default)

The default format. Colored, human-readable output designed for the terminal.

vibgrate scan .

Best for:

  • Quick checks during local development
  • First-time scans to understand your drift posture
  • Demos and team walkthroughs

The text output includes visual bars for each score component, color-coded severity indicators, and a structured Priority Actions section.

JSON

The full scan artifact in machine-readable format.

vibgrate scan . --format json --out scan.json

Best for:

  • Automation pipelines that consume drift data programmatically
  • Custom dashboards that need raw scores and dependency lists
  • Data analysis and trend aggregation across repositories

The JSON artifact follows a stable schema (schemaVersion: "1.0") and contains everything: raw scores, component breakdowns, every finding, full dependency lists with version details, VCS metadata, and scanner outputs. This is the same artifact saved to .vibgrate/scan_result.json by default.

SARIF

The Static Analysis Results Interchange Format — the standard for integrating analysis results into code review workflows.

vibgrate scan . --format sarif --out vibgrate.sarif

Best for:

  • GitHub Code Scanning — upload the SARIF file and see drift findings directly in your PR's Security tab
  • Azure DevOps — publish as a build artifact for security review
  • Any SARIF-compatible tool that aggregates static analysis results

SARIF output contains findings only (not the full metrics), mapped to file locations where relevant. This makes drift findings appear alongside your linting, security, and code quality warnings in the same interface your team already uses.

A typical GitHub Actions integration:

- name: Vibgrate Scan
  run: npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error

- name: Upload SARIF
  if: always()
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: vibgrate.sarif

Markdown

A clean, formatted report suitable for non-terminal consumers.

vibgrate report --in .vibgrate/scan_result.json --format md

Best for:

  • PR descriptions — paste the Markdown summary into a pull request for upgrade work
  • Wiki pages — publish drift reports alongside architecture and operations documentation
  • Leadership updates — a format that non-engineers can read and understand
  • Email summaries — copy-paste into comms for stakeholders

Combining Formats

Nothing stops you from generating multiple formats in a single pipeline:

# CI step: scan once
vibgrate scan . --format sarif --out vibgrate.sarif --fail-on error

# Generate Markdown for the PR
vibgrate report --in .vibgrate/scan_result.json --format md > drift-report.md

The scan only runs once. The vibgrate report command reads the saved artifact and reformats it — no re-scan needed.

The Vibgrate Drift Intelligence Engine ensures that regardless of format, the data is consistent. The same score, the same findings, the same priority actions — just presented in the way each audience needs them.

Choose your format, get your answers. Sign up at dash.vibgrate.com to generate drift reports in any format and share them with your whole team.

Topics

#output-formats#sarif#json#markdown#vibgrate-cli#ci-cd

Sources & References

Back to all articles