Built a CLI tool that aggregates outputs from multiple security scanners into one report. Would you actually use this?
TL;DR
A CLI tool aggregates outputs from multiple security scanners into a unified report, deduplicates findings, prioritizes risks, and uses an LLM for explanations. It runs locally and integrates into CI/CD pipelines.
Hi people. I'm working on a tool that might address something I suspect could be a common problem. When you run several security scanners, you end up juggling multiple reports in different formats, with overlapping findings and inconsistent severity ratings, and no single unified view of what actually matters.
The tool:
- Parses outputs from multiple scanners (XML, JSON, plain text, CSV)
- Deduplicates findings that describe the same issue across tools
- Scores and prioritizes risks based on CVSS + asset criticality + known exploits
- Uses an LLM to enrich findings with plain-language explanations along with remediation suggestions
- Exports a single PDF/HTML/CSV report with both a technical section and an executive summary
It's CLI-native, runs locally, no server required. Can be integrated in a CI/CD pipeline.
Genuine question - would you use something like this? Would it be useful for someone?
Who would actually find this useful? Pen testers? Internal security teams? Solo researchers? Or is this a problem that doesn't exist?
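For anyone wondering what the normalise / de-duplicate / prioritise steps look like in practice, here is an added example (not the OP's tool, and not its actual code): two constructed scanner outputs in different formats are mapped to one schema, merged on (asset, vulnerability id), and ranked by CVSS x an assumed asset-criticality weight x an assumed known-exploit multiplier.

```python
import csv
import io
import json

# Constructed sample outputs, not real scanner data; CVE ids are placeholders.
SCANNER_A_JSON = json.dumps([
    {"host": "web01", "cve": "CVE-0000-0001", "cvss": 9.8, "title": "RCE in component"},
    {"host": "db01", "cve": "CVE-0000-0002", "cvss": 5.3, "title": "Info leak"},
])
SCANNER_B_CSV = (
    "asset,vuln_id,score,name\n"
    "web01,CVE-0000-0001,9.8,Remote code execution\n"
    "app02,CVE-0000-0003,7.5,DoS\n"
)
ASSET_CRITICALITY = {"web01": 1.0, "db01": 1.5, "app02": 0.5}  # assumed weights
KNOWN_EXPLOITED = {"CVE-0000-0003"}  # assumed "known exploit" feed

def normalise(scanner_a: str, scanner_b: str) -> list:
    """Map both scanner formats onto one finding schema."""
    findings = []
    for f in json.loads(scanner_a):
        findings.append({"asset": f["host"], "id": f["cve"], "cvss": float(f["cvss"]),
                         "title": f["title"], "sources": ["A"]})
    for row in csv.DictReader(io.StringIO(scanner_b)):
        findings.append({"asset": row["asset"], "id": row["vuln_id"], "cvss": float(row["score"]),
                         "title": row["name"], "sources": ["B"]})
    return findings

def dedupe(findings: list) -> list:
    """Merge findings that share (asset, id): keep the highest CVSS, union the sources."""
    merged = {}
    for f in findings:
        key = (f["asset"], f["id"])
        if key in merged:
            m = merged[key]
            m["cvss"] = max(m["cvss"], f["cvss"])
            m["sources"] = sorted(set(m["sources"]) | set(f["sources"]))
        else:
            merged[key] = dict(f)
    return list(merged.values())

def priority(f: dict) -> float:
    """Assumed formula: CVSS x asset criticality x 2 if a known exploit exists."""
    exploit_factor = 2.0 if f["id"] in KNOWN_EXPLOITED else 1.0
    return round(f["cvss"] * ASSET_CRITICALITY.get(f["asset"], 1.0) * exploit_factor, 2)

def prioritised_report(scanner_a: str = SCANNER_A_JSON, scanner_b: str = SCANNER_B_CSV) -> list:
    """Full pipeline: normalise, dedupe, score, sort highest priority first."""
    rows = dedupe(normalise(scanner_a, scanner_b))
    for r in rows:
        r["priority"] = priority(r)
    return sorted(rows, key=lambda r: r["priority"], reverse=True)
```

Note that the web01 finding reported by both scanners collapses into one row carrying both sources, and the lower-CVSS app02 issue is promoted because it is on the (assumed) exploited list.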