DEV Community

Shahid Saddique
Building a Zero-Dependency Python Parser to Convert Veracode SAST JSON to HTML Dashboards

In enterprise DevSecOps pipelines, velocity is everything. While running static application security testing (SAST) tools like Veracode inside containerized CI/CD runners is crucial for catching vulnerabilities early, dealing with the raw artifact data can be a bottleneck.

By default, high-velocity pipeline scans output a heavy, nested results.json file. Expecting developers or QA leads to dig through thousands of lines of raw JSON during a broken build step slows down remediation cycles.

To solve this, I built a lightweight, zero-dependency Python automation script that parses raw Veracode JSON data and instantly outputs a beautifully styled, responsive Bootstrap 5 HTML reporting dashboard.

📊 Full Engineering Architecture & Implementation Details: For the complete step-by-step framework setup, local directory structures, and advanced break-build pipeline rules, check out the full guide on my portfolio:

Veracode SAST Pipeline Scan Automation Guide


🚀 Why Go Zero-Dependency?

When writing automated tasks for ephemeral CI/CD runners (like GitHub Actions, GitLab CI, or Bitbucket Pipelines), minimizing container setup time is critical.

Using external libraries like pandas or requests requires a pip install phase. This consumes precious build minutes, requires internet access from otherwise isolated runners, and widens the supply-chain attack surface by pulling third-party dependencies (and their vulnerabilities) into the pipeline.

This parser uses nothing but Python's built-in json and os libraries, meaning it executes in milliseconds on any minimal container base (like Python-slim or Alpine).

🛠️ The Core Logic Blueprint

The parsing script executes three main tasks:

  1. Validation & Ingestion: Safely checks that the scan results artifact (results.json) exists before attempting to parse it.
  2. Metrics Aggregation: Tallies up total vulnerabilities and segments them into priority levels (High/Critical vs. Medium vs. Low) based on Veracode's severity weights.
  3. Semantic HTML Synthesis: Renders the parsed findings array into an optimized, self-contained Bootstrap 5 table component.

```python
# Quick snippet showing the data extraction layer
import json

with open("results.json") as fh:
    findings = json.load(fh).get("findings", [])

# A missing or null severity counts as 0 so the comparisons never hit None
severities = [f.get("severity") or 0 for f in findings]
total_flaws = len(findings)
high_flaws = sum(1 for s in severities if s >= 4)
med_flaws = sum(1 for s in severities if s == 3)
low_flaws = sum(1 for s in severities if s <= 2)
```
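The three steps above carried through end to end, as an added example rather than the author's script: it assumes a top-level `findings` array whose entries carry `severity`, `cwe_id`, `issue_type` and `files.source_file` keys, links Bootstrap 5 from the jsDelivr CDN, and uses a constructed sample in place of real scan output. Every cell is HTML-escaped, since a finding's title or file path is scanner-supplied text that would otherwise land unescaped in the dashboard.

```python
import html
import json
import os

SEVERITY_LABELS = {5: "Very High", 4: "High", 3: "Medium",
                   2: "Low", 1: "Very Low", 0: "Informational"}

# Constructed stand-in for a pipeline-scan results.json; not real Veracode output.
SAMPLE_FINDINGS = [
    {"severity": 5, "cwe_id": "89", "issue_type": "SQL Injection",
     "files": {"source_file": {"file": "app/db.py", "line": 42}}},
    {"severity": 3, "cwe_id": "79", "issue_type": "XSS <script>alert(1)</script>",
     "files": {"source_file": {"file": "app/views.py", "line": 7}}},
    {"severity": None, "cwe_id": "209", "issue_type": "Information Exposure"},
]

def load_findings(path):
    """Step 1: fail loudly if the artifact is missing instead of reporting zero flaws."""
    if not os.path.isfile(path):
        raise FileNotFoundError(f"Veracode artifact not found: {path}")
    with open(path, encoding="utf-8") as fh:
        return json.load(fh).get("findings", [])

def severity_of(finding):
    """A missing or null severity counts as 0 (informational) rather than crashing on None."""
    return finding.get("severity") or 0

def aggregate(findings):
    """Step 2: tally findings into the High/Critical, Medium and Low buckets."""
    sev = [severity_of(f) for f in findings]
    return {"total": len(sev), "high": sum(1 for s in sev if s >= 4),
            "medium": sum(1 for s in sev if s == 3), "low": sum(1 for s in sev if s <= 2)}

def render_html(findings):
    """Step 3: emit the summary plus a Bootstrap 5 table, highest severity first. Every cell
    is HTML-escaped so scanner-supplied strings cannot inject markup into the dashboard."""
    m = aggregate(findings)
    rows = []
    for f in sorted(findings, key=severity_of, reverse=True):
        src = f.get("files", {}).get("source_file", {})
        cells = (SEVERITY_LABELS.get(severity_of(f), "Unknown"), f"CWE-{f.get('cwe_id', '?')}",
                 f.get("issue_type", ""), f"{src.get('file', '')}:{src.get('line', '')}")
        rows.append("<tr>" + "".join(f"<td>{html.escape(str(c))}</td>" for c in cells) + "</tr>")
    return ("<link rel='stylesheet' href='https://cdn.jsdelivr.net/npm/bootstrap@5/dist/css/bootstrap.min.css'>"
            f"<div class='container py-4'><h1>Veracode SAST Report</h1><p>Total: {m['total']} | "
            f"High/Critical: {m['high']} | Medium: {m['medium']} | Low: {m['low']}</p>"
            "<table class='table table-striped'><thead><tr><th>Severity</th><th>CWE</th>"
            "<th>Issue</th><th>Location</th></tr></thead><tbody>"
            + "".join(rows) + "</tbody></table></div>")
```

In a pipeline step, write `render_html(load_findings("results.json"))` to a `report.html` artifact so the missing-file case fails the step rather than publishing an empty dashboard.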
