Preparing for an Engagement                                                 Chapter 3

            It's a little hard to read. And the attempt to show the vulnerable modules within their
            nested dependencies makes it even harder:


































            But we can use some of its available flags to rectify this. As we pass in options to output the
            data in the KTPO format and specify the name of the file we want to save, we can also wrap
            it in a script to make it a handier reference from the command line. Let's make a script
            called TDBOKT TI:
                #!/bin/sh

                retire --path $1 --outputformat json --outputpath $2; python -m json.tool
                $2

            This script requires two arguments, the path to the files being analyzed and a name for the
            file it will output. Basically the script analyzes the target code repository, creates a KTPO file
            of the vulnerabilities it discovers, then prints out a pretty version of the KTPO file to
            45%065. The script has two outputs so that it can use the KTPO file as a local flat file log, and
            the 45%065 output to pass on to the next step, a formatting script.







                                                    [ 46 ]