Lack of Structured Export Options for Findings and Reports #67
Description
Hey LoMar's,
While using DART for documenting findings and compiling reports, I noticed that exporting data in structured formats isn’t currently straightforward. The reporting workflow works well within the interface, but when trying to integrate the output with other tools (for example vulnerability tracking systems, internal dashboards, or documentation pipelines), it becomes difficult to reuse the data without manual extraction. Many teams today rely on automated pipelines to move findings between systems, and without a machine-readable export format, users often end up copying information manually or writing scripts to parse generated reports.
It could be helpful if DART supported exporting findings and report data in formats such as JSON, Markdown, or CSV. Having access to a structured export would make it easier to integrate DART with other tooling, store results in version-controlled documentation repositories, or run additional analysis on findings after an engagement. Even a simple export option that included the core fields (title, severity, affected asset, description, evidence, and remediation notes) would significantly improve portability of the data.
One possible approach could be exposing a simple export command or endpoint that allows findings to be exported in a structured format. For example, something along the lines of a CLI utility or management command:
python manage.py export_findings --format jsonor
dart export --format markdown --output findings.mdThe output could include the core fields that already exist in the database such as title, severity, affected asset, description, evidence, and remediation notes.
Example JSON output could look like:
{
"title": "Exposed SSH Service",
"severity": "Medium",
"asset": "10.10.5.14",
"description": "SSH service accessible from external network.",
"evidence": "nmap scan confirmed port 22 open.",
"remediation": "Restrict SSH access to internal networks only."
}This would make it easier to integrate DART with other tooling, such as pushing findings into vulnerability management platforms, storing engagement results in Git-based documentation repositories, or feeding results into dashboards for further analysis.
This could potentially be implemented either as a CLI command or as an option within the reporting interface that allows users to export findings in one of several structured formats. It would make DART much easier to integrate into automated workflows while keeping the existing reporting features intact.
Sincerely,
Michael