CSV Export

Generating CSV
Columns
Example Output
Usage

CSV exports produce a flat file with one row per finding, suitable for Excel, Google Sheets, database import, and reporting workflows.

Generating CSV

CLI:

qai audit scan --transport stdio --command "npx @modelcontextprotocol/server-memory" \
  --format csv --output results.csv

Or convert an existing scan:

qai audit report --input results/scan.json --format csv --output results.csv

Columns

Column	Description
`run_id`	Run identifier
`target_name`	Target name
`category`	Finding category (e.g., `command_injection`, `auth`)
`severity`	Severity level (`critical`, `high`, `medium`, `low`, `info`)
`title`	Finding title
`description`	Detailed description

Example Output

run_id,target_name,category,severity,title,description,tool_name,owasp_mcp_id,remediation,mitigation_summary,framework_ids,timestamp
a1b2c3d4,memory-server,command_injection,high,Tool parameter allows shell injection,...,memory_store,MCP05,...,...,owasp_mcp_top10=MCP05; mitre_atlas=AML.T0054,2026-03-22T10:30:15

Usage

Open directly in Excel or Google Sheets. All text fields containing commas, quotes, or newlines are properly escaped per RFC 4180. For database import:

-- PostgreSQL
COPY findings FROM '/path/results.csv' WITH (FORMAT csv, HEADER);

For command-line analysis, use a CSV-aware tool to handle quoted fields and newlines correctly (plain cut/grep can break on RFC 4180 CSV):

# Using csvkit (pip install csvkit)
csvcut -c severity results.csv | sort | uniq -c | sort -rn   # Count by severity
csvgrep -c severity -m high results.csv > high.csv           # Filter high-severity

# Using Python's csv module
python -c "
import csv, sys
with open('results.csv') as f:
    reader = csv.DictReader(f)
    for row in reader:
        if row['severity'] == 'high':
            print(row['title'])
"

CSV flattens the framework_ids dict into a single string column. For structured framework data, use the JSON bundle or NDJSON exports.

NDJSON Export

DefectDojo Integration

⌘I

Getting Started

Web UI

Assistant

Audit

Inject

Proxy

Chain

IPI — Indirect Prompt Injection

CXP — Context File Poisoning

RXP — RAG Retrieval Poisoning

External Tool Import

Exports & Integrations

Configuration

Database & Targets

Architecture

Generating CSV

Columns

Example Output

Usage

Getting Started

Web UI

Assistant

Audit

Inject

Proxy

Chain

IPI — Indirect Prompt Injection

CXP — Context File Poisoning

RXP — RAG Retrieval Poisoning

External Tool Import

Exports & Integrations

Configuration

Database & Targets

Architecture

Documentation Index

​Generating CSV

​Columns

​Example Output

​Usage

Generating CSV

Columns

Example Output

Usage