Output Formats
CDK Insights offers multiple output formats to fit your workflow. Choose from table, JSON, markdown, summary, SARIF, or GitHub Actions formats for different use cases.
๐ Output Behavior Guide
Terminal output
Table, Summary, and GitHub Actions render directly in the terminal (or workflow log). No files are written to disk.
Files on disk
Markdown and SARIF write {stackName}_analysis_report.{md|sarif} into the working directory. SARIF also echoes its body to stdout so CI runners can pipe it without re-reading the file.
JSON โ both file and stdout
JSON writes {stackName}_analysis_report.json AND streams a clean document to stdout (progress logs redirected to stderr) so you can pipe to jq or redirect without reading from disk. Pair Markdown with --withIssue to also open a GitHub issue from the report (uses GITHUB_TOKEN).
Available Output Formats
CDK Insights supports six different output formats, each optimized for specific use cases:
- Table - Human-readable format perfect for terminal output
- JSON - Structured format ideal for automation and integration
- Markdown - Documentation-friendly format for reports and GitHub
- Summary - Concise format focusing on critical issues and metrics
- SARIF - Security tool format for GitHub Code Scanning integration
- GitHub Actions - Workflow commands for PR annotations
You can specify the output format using the --output flag.
Format Details
Table Format
Human-readable table format perfect for terminal output and quick reviews
Best For
- Quick reviews
- Terminal output
- Development workflow
Command
npx cdk-insights scan --output tableโ Displays in terminal - no files created
Output: Terminal-only โข Files: No files created
Example Output
โโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโฌโโโโโโโโโโโฌโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโ โ Resource โ Stack โ Severity โ Service โ Issue โ Location โ โโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโผโโโโโโโโโโโผโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโค โ MyBucket โ MyStack โ ๐ด CRIT โ S3 โ Public read access โ lib/stack.ts โ โ MyRole โ MyStack โ ๐ HIGH โ IAM โ Overly permissive โ lib/stack.ts โ โ MyFunction โ MyStack โ ๐ก MED โ Lambda โ High memory allocation โ lib/stack.ts โ โโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโดโโโโโโโโโโโดโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโ
JSON Format
Structured JSON output ideal for automation and integration with other tools
Best For
- CI/CD pipelines
- API integration
- Automated processing
Command
npx cdk-insights scan --output jsonโก Writes {stackName}_analysis_report.json AND emits a clean JSON document on stdout. Progress logs are redirected to stderr so piping to jq or redirecting works without reading from disk.
Output: File + stdout โข Files: Creates {stackName}_analysis_report.json. Stdout is also a clean JSON document for piping.
Example Output
{
"summary": {
"totalIssues": 15,
"critical": 3,
"high": 5,
"medium": 4,
"low": 3
},
"issues": [
{
"resource": "MyBucket",
"stack": "MyStack",
"severity": "CRITICAL",
"service": "S3",
"issue": "S3 bucket has public read access",
"location": "lib/stack.ts:15",
"recommendation": "Remove public access or use private bucket"
}
]
}Markdown Format
Markdown format perfect for documentation, reports, and GitHub integration
Best For
- Documentation
- GitHub issues
- Team reports
Command
npx cdk-insights scan --output markdown๐ Writes {stackName}_analysis_report.md to disk. Pair with --withIssue to also open a GitHub issue from the report (requires GITHUB_TOKEN).
Output: File on disk โข Files: Creates {stackName}_analysis_report.md in the working directory.
Example Output
# CDK Insights Analysis Report ## Summary - **Total Issues**: 15 - **Critical**: 3 - **High**: 5 - **Medium**: 4 - **Low**: 3 ## Critical Issues ### MyBucket (S3) - **Stack**: MyStack - **Location**: lib/stack.ts:15 - **Issue**: S3 bucket has public read access - **Recommendation**: Remove public access or use private bucket
Summary Format
Concise summary format showing only high-level statistics and critical issues
Best For
- Quick overviews
- Status checks
- CI/CD status
Command
npx cdk-insights scan --output summaryโ Displays in terminal - no files created
Output: Terminal-only โข Files: No files created
Example Output
CDK Insights Analysis Summary ================================ ๐ Total Issues: 15 ๐ด Critical: 3 ๐ High: 5 ๐ก Medium: 4 ๐ข Low: 3 ๐จ Critical Issues Found: - MyBucket: Public read access (lib/stack.ts:15) - MyRole: Overly permissive policies (lib/stack.ts:25) - MyFunction: High memory allocation (lib/stack.ts:35) โ ๏ธ Analysis completed with critical issues found.
SARIF Format
Static Analysis Results Interchange Format for GitHub Code Scanning and other security tools
Best For
- GitHub Code Scanning
- Security tools integration
- IDE integrations
Command
npx cdk-insights scan --output sarif๐ก Writes {stackName}_analysis_report.sarif and also echoes the document to stdout for CI runners that prefer to pipe it. The GitHub Action handles upload to Code Scanning automatically when sarif-upload: true.
Output: File + stdout โข Files: Creates {stackName}_analysis_report.sarif. Stdout also contains the document.
Example Output
{
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
"version": "2.1.0",
"runs": [{
"tool": {
"driver": {
"name": "CDK Insights",
"version": "1.27.1"
}
},
"results": [{
"ruleId": "S3-PUBLIC-ACCESS",
"level": "error",
"message": {
"text": "S3 bucket has public read access"
},
"locations": [{
"physicalLocation": {
"artifactLocation": { "uri": "lib/stack.ts" },
"region": { "startLine": 15 }
}
}]
}]
}]
}GitHub Actions Format
GitHub Actions workflow commands format for annotations in PR checks
Best For
- GitHub Actions workflows
- PR check annotations
- CI/CD pipelines
Command
npx cdk-insights scan --output github-actionsโ Outputs workflow commands to terminal
Output: Terminal-only โข Files: No files created. When analyzing multiple stacks, a consolidated summary is generated across all stacks
Example Output
::error file=lib/stack.ts,line=15,title=S3 Public Access::S3 bucket has public read access. Remove public access or use private bucket. ::warning file=lib/stack.ts,line=25,title=IAM Permissions::Overly permissive IAM policy. Apply least privilege principle. ::notice file=lib/stack.ts,line=35,title=Lambda Memory::High memory allocation for Lambda function.
Use Case Recommendations
Development Workflow
Quick analysis during development
Easy to read in terminal, shows all details at a glance
npx cdk-insights scan --output tableCI/CD Pipeline
Automated analysis in continuous integration
Structured data for programmatic processing and decision making
npx cdk-insights scan --output json --fail-on-criticalGitHub Integration
Creating issues from analysis results
GitHub-friendly format that can be directly posted as issue content
npx cdk-insights scan --output markdown --withIssueTeam Reporting
Sharing results with team members
Professional format suitable for documentation and team communication
npx cdk-insights scan --output markdown > analysis-report.mdStatus Monitoring
Quick health checks and monitoring
Concise format focusing on critical issues and high-level metrics
npx cdk-insights scan --output summaryGitHub Code Scanning
Security vulnerability tracking in GitHub Security tab
Industry-standard format integrated with GitHub Code Scanning
npx cdk-insights scan --output sarifAdvanced Output Options
Save to File
Redirect output to a file for later review or sharing:
npx cdk-insights scan --output markdown > analysis-report.mdCombine with Other Options
Output formats work with all other CDK Insights options:
npx cdk-insights scan --all --output json --fail-on-criticalnpx cdk-insights scan MyStack --output markdown --withIssueDefault Format
If no format is specified, CDK Insights uses table format by default:
npx cdk-insights scan # Uses table formatChoose Your Output Format
Experiment with different output formats to find the one that works best for your workflow.