SecScanner2JUnit
1.1.0 verified Fri May 01 auth: no python
Command-line tool to convert security scanner output (e.g., Trivy, Grype, OWASP Dependency Check, GitLab SAST) into JUnit XML format, enabling integration with CI/CD pipelines. Current version 1.1.0, supports Python >=3.10, released irregularly.
pip install secscanner2junit
Common errors
error ModuleNotFoundError: No module named 'secscanner2junit.converter'
cause Old import path `from secscanner2junit.converter import Converter` no longer works after version 1.0.0.
fix Change import to: `from secscanner2junit import Converter`
error AttributeError: 'str' object has no attribute 'get'
cause Passing a file path string to convert() instead of parsed JSON data.
fix Read the file: `with open('report.json') as f: data = json.load(f)`; then call `convert(data, scanner='...')`
Warnings
breaking In version 1.0.0, the import path changed from `secscanner2junit.converter` to `secscanner2junit`. Code using the old import will break.
fix Update imports to `from secscanner2junit import Converter`.
gotcha The `convert()` method expects raw JSON data (e.g., parsed dictionary), not a file path. Passing a file path will produce silent failures.
fix Read the file with `json.load()` or `json.loads()` before passing to `converter.convert()`.
deprecated OWASP Dependency Check format conversion in v1.1.0 is experimental. The method signature may change in future releases.
fix Pin your version to 1.1.0 if relying on this feature, and monitor for breaking changes.
Imports
- Converter
wrong `from secscanner2junit.converter import Converter`
correct `from secscanner2junit import Converter`
Quickstart
from secscanner2junit import Converter
import json
# Example: convert Grype JSON to JUnit
with open('grype-report.json', 'r') as f:
    vulns = json.load(f)
converter = Converter()
junit_xml = converter.convert(vulns, scanner='grype')
with open('junit-result.xml', 'w') as f:
    f.write(junit_xml)
print('Conversion complete')
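To show what a scanner-to-JUnit mapping produces, and why a parsed report rather than a path must be passed, here is an added standard-library illustration. It is not the package's own code; the function name `grype_to_junit`, the failing-severity set and the sample report values are assumptions constructed for this example.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a Grype JSON report (placeholder IDs).
SAMPLE_GRYPE = json.loads("""
{"matches": [
  {"vulnerability": {"id": "CVE-0000-0001", "severity": "High",
                     "description": "constructed finding <1>"},
   "artifact": {"name": "examplelib", "version": "1.2.3", "type": "python"}},
  {"vulnerability": {"id": "CVE-0000-0002", "severity": "Low"},
   "artifact": {"name": "otherlib", "version": "0.9", "type": "python"}}
]}
""")

FAILING = {"Critical", "High", "Medium"}  # assumption: lower severities are reported only


def grype_to_junit(report, failing=FAILING):
    """Map each Grype match to one JUnit <testcase>; failing severities get a <failure>."""
    # Guard for the gotcha above: a file path string is not a parsed report.
    if not isinstance(report, dict):
        raise TypeError(f"expected parsed JSON (dict), got {type(report).__name__}")
    matches = report.get("matches", [])
    suite = ET.Element("testsuite", name="grype", tests=str(len(matches)))
    failures = 0
    for m in matches:
        vuln, art = m.get("vulnerability", {}), m.get("artifact", {})
        sev = vuln.get("severity", "Unknown")
        case = ET.SubElement(
            suite, "testcase",
            classname=f"{art.get('type', 'unknown')}.{art.get('name', 'unknown')}",
            name=f"{vuln.get('id', 'unknown')} in {art.get('name')}@{art.get('version')}",
        )
        if sev in failing:
            failures += 1
            fail = ET.SubElement(case, "failure", type=sev, message=f"{sev} severity")
            fail.text = vuln.get("description", "")  # ElementTree escapes <, > and &
        else:
            ET.SubElement(case, "system-out").text = f"{sev} severity, not failing"
    suite.set("failures", str(failures))
    return ET.tostring(suite, encoding="unicode")


if __name__ == "__main__":
    print(grype_to_junit(SAMPLE_GRYPE))
```

CI systems that read JUnit XML mark the job from the `<failure>` elements, so the severity set decides which findings block a pipeline.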