Frontguard supports multiple output styles.
If you are not sure which one to pick, run the guided wizard:
    frontguard start
It explains each output option before running the scan.
Default terminal output:
    frontguard scan ./dist
This is compact and readable.
    frontguard scan ./dist --copy
    frontguard deep-scan http://localhost:3000 --copy
Use this for:
- GitHub issues
- Pull requests
- Slack
- Docs
- AI coding assistant prompts
The report includes:
- Frontguard Score out of 100
- Summary counts
- Scan context
- Findings
- Evidence
- Recommendations
- Defensive verification guidance
- Possible false-positive notes
    frontguard scan ./dist --json --output report.json
Use JSON for automation or later conversion with:
    frontguard report report.json --markdown
JSON reports are friendly by default: Frontguard keeps findings, metadata, headers, and summaries of captured assets/bodies, but it does not dump full HTML, JavaScript, request bodies, or response bodies into the terminal. Each captured body gets a length, SHA-256, and short preview instead.
If you need the complete captured evidence for local debugging, opt in explicitly:
    frontguard scan ./dist --json --raw --output full-evidence.json
Only use --raw for trusted local handling because it can include full client assets and captured traffic bodies.
Frontguard focuses on first-party and same-site evidence by default. This keeps reports centered on the app you own and avoids noisy findings from analytics, CDNs, and external SDK hosts.
    frontguard scan https://example.com --include-third-party
Use --include-third-party when you intentionally want to review external scripts, headers, and traffic too.
    frontguard scan ./dist --sarif --output report.sarif
SARIF is useful for code scanning integrations and security dashboards.
    frontguard scan ./dist --ci --fail-on high
Exit behavior:
- 0: no findings at or above the threshold
- 1: findings met the failure threshold
- 2: scanner/runtime error
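A CI gate built on the exit codes listed above, as an added example that is not part of Frontguard's own documentation or code. It keeps "findings" and "scanner error" apart so a broken scan is never read as a clean one; `run_gate` and `FRONTGUARD_BIN` are hypothetical names, and treating every code other than 0 or 1 as an error is an assumption.

```shell
#!/bin/sh
# Added example: CI gate over Frontguard's documented exit codes
# (0 = clean, 1 = findings met the threshold, 2 = scanner/runtime error).

# FRONTGUARD_BIN is a hypothetical override so the gate can be pointed at a
# pinned binary or, in tests, at a stub.
FRONTGUARD_BIN=${FRONTGUARD_BIN:-frontguard}

# run_gate TARGET [THRESHOLD]
# Prints one verdict word on stdout (pass | findings | error) and returns
# 0, 1 or 2 to match. Scanner output goes to stderr so stdout stays parseable.
run_gate() {
    target=$1
    threshold=${2:-high}
    code=0
    # "|| code=$?" keeps the real exit status even under "set -e".
    "$FRONTGUARD_BIN" scan "$target" --ci --fail-on "$threshold" >&2 || code=$?
    case "$code" in
        0) echo pass; return 0 ;;
        1) echo findings; return 1 ;;
        # Assumption: anything other than 0 or 1 (2, or shell codes such as
        # 127 "command not found") means the scan did not complete, so the
        # gate fails closed rather than reporting a clean result.
        *) echo error; return 2 ;;
    esac
}

# Run as a script: sh gate.sh ./dist high
[ "$#" -eq 0 ] || run_gate "$@"
```

A pipeline step can branch on the return value: block the merge on 1, and alert or retry on 2 instead of reporting a security failure.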