Documentation → Reporting
How MCTS presents scan results — scores, exports, and shareable reports.
Confused by two scores? Read Scoring — developer guide first (5 min). Everything else links from there.

| Format | Command | Best for |
|---|---|---|
| Terminal | mcts scan ./server.py | Quick feedback while coding |
| JSON | mcts scan … -o report.json | Automation, HTML input, CI |
| SARIF | mcts scan … -f sarif -o report.sarif | GitHub / GitLab Code Scanning |
| HTML | mcts report report.json -o report.html | Leadership and security reviews |

| Order | Doc | Who it's for |
|---|---|---|
| 1 | Scoring developer guide | Everyone — mental model, CI cheat sheet, JSON fields |
| 2 | Scoring spec (legacy) | Legacy formula and --min-score gates |
| 3 | Scoring spec v2 | v2 factors, chains, calibration |
| 4 | Migration & policy | YAML policy, assets, history |
| 5 | SARIF scoreV2 | Code Scanning integration |

| Page | When to read |
|---|---|
| Interpreting findings | Why attack chains / overlap look alarming; trust mode |
| Findings trust — Phase 0 status | Maintainers: what shipped, what’s missing, CI/API fields |
| HTML dashboard | Layout of the executive report |
| Threat taxonomy | MCTS-T technique IDs on findings |