@Copilot Copilot AI commented Oct 21, 2025

Overview

Adds a new markdown output format (-f markdown) to Application Inspector that is specifically designed for CI/CD environments. This format provides a concise, well-organized summary of analysis results that renders beautifully in GitHub/GitLab PRs and issues.

Fixes #604

Motivation

The existing output formats (HTML, JSON, text, SARIF) are optimized for different use cases:

  • HTML: Rich interactive reports for human review
  • JSON: Complete data for programmatic processing
  • Text: Simple command-line output
  • SARIF: Integration with code analysis tools

However, none of these formats are ideal for posting analysis results directly in CI environments where you want:

  • Human-readable output that renders nicely in PR comments
  • Concise summary focused on key findings rather than every detail
  • Organized presentation of security-relevant features
  • Easy tracking of changes over time in version control

Changes

Core Implementation

  • AnalyzeMarkdownWriter.cs: New writer class that formats analysis results in markdown with organized sections
  • WriterFactory.cs: Added markdown format support to the writer factory
  • CLICmdOptions.cs: Updated help text to include markdown in available formats
  • Program.cs: Added markdown to the valid formats validation list

Testing

  • TestMarkdownWriter.cs: Unit test verifying markdown output structure and content
  • All existing tests pass: 347 tests with no regressions
  • Security verified: CodeQL scan shows 0 alerts

Documentation

  • README.md: Added example of using markdown output format

Usage

# Generate markdown report
appinspector analyze -s path/to/code -f markdown -o report.md

# Use in CI to post as PR comment
appinspector analyze -s ./src -f markdown -o analysis.md
gh pr comment "$PR_NUMBER" --body-file analysis.md

Output Format

The markdown format includes:

1. Summary

  • Application name, version, authors, description
  • Source path and scan date

2. Key Statistics (Table)

  • Total files, files analyzed, files skipped
  • Files with matches, total matches, unique matches

3. Key Features Detected

  • Organized by category (Cryptography, Authentication, Data, Framework, etc.)
  • Each feature listed as a code-formatted tag
  • Easy to spot security-relevant features at a glance

4. Detected Technologies

  • Languages with file counts
  • Application and package types
  • File extensions

5. Target Platforms

  • Output types, operating systems, CPU architectures, cloud platforms

6. Dependencies

  • List of detected dependencies (limited to 20 with overflow indication)

7. Detailed Tag Counters (Table)

  • Metric breakdown showing frequency of each pattern

Example Output

# Application Inspector Analysis Report

## Summary
- **Application Name**: MyApp
- **Source Path**: `/path/to/code`
- **Date Scanned**: 10/21/2025 06:16:13

## Key Statistics
| Metric | Count |
|--------|-------|
| Total Files | 42 |
| Files Analyzed | 42 |
| Total Matches | 156 |
| Unique Tags | 23 |

## Key Features Detected
### Cryptography
- `Cryptography.Encryption.General`
- `Cryptography.HashAlgorithm.SHA2`

### Authentication
- `Authentication.General`

Benefits for CI/CD

  • Readable in PRs: Markdown renders beautifully in GitHub/GitLab comments
  • Concise: Focuses on key findings, not overwhelming detail
  • Actionable: Easy to identify security-relevant features
  • Machine-friendly: Can be parsed for automated policy checks
  • Version control: Can be committed to track changes over time
  • Minimal changes: Surgical implementation following existing patterns

Testing Coverage

  • ✅ Unit tests for markdown writer functionality
  • ✅ Tested with JavaScript, Python, and C# codebases
  • ✅ All 347 existing tests pass
  • ✅ CodeQL security scan: 0 alerts
  • ✅ Manual verification of output formatting
Original prompt

#604 add a markdown output format suitable for executing application inspector in a CI environment with a key features summary as described in the user feedback.
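
The "Machine-friendly" benefit in the description above, as an added example that is not part of the pull request or the project's code: a CI gate that parses a report laid out like the Example Output and flags tags in watched categories that are missing from an approved baseline. The function names, the baseline set and the watched categories are assumptions, and the sample report is constructed from the example in the description.

```python
import re

# Constructed sample following the "Example Output" layout in the PR description.
SAMPLE_REPORT = """\
# Application Inspector Analysis Report

## Key Statistics
| Metric | Count |
|--------|-------|
| Total Files | 42 |
| Total Matches | 156 |

## Key Features Detected
### Cryptography
- `Cryptography.Encryption.General`
- `Cryptography.HashAlgorithm.SHA2`

### Authentication
- `Authentication.General`
"""

TAG_LINE = re.compile(r"^- `([^`]+)`\s*$")
STAT_ROW = re.compile(r"^\|\s*([^|]+?)\s*\|\s*(\d+)\s*\|$")

def parse_report(text):
    """Return (stats, features): table counts and {category: set(tags)}."""
    stats, features, section, category = {}, {}, None, None
    for line in text.splitlines():
        if line.startswith("## "):
            section, category = line[3:].strip(), None
        elif line.startswith("### ") and section == "Key Features Detected":
            category = line[4:].strip()
            features.setdefault(category, set())
        elif section == "Key Statistics" and (m := STAT_ROW.match(line)):
            stats[m.group(1)] = int(m.group(2))
        elif category and (m := TAG_LINE.match(line)):
            features[category].add(m.group(1))
    return stats, features

def new_tags(features, baseline, watched=("Cryptography", "Authentication")):
    """Tags in watched categories absent from the (hypothetical) approved baseline."""
    found = set().union(*(features.get(c, set()) for c in watched))
    return sorted(found - set(baseline))

def gate(report_text, baseline):
    """Exit code for a CI step: 1 if unreviewed watched tags appeared, else 0."""
    _, features = parse_report(report_text)
    return 1 if new_tags(features, baseline) else 0
```

A CI step would read the generated report file, pass its text to `gate` with the baseline kept in the repository, and use the return value as the step's exit code.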



Contributor

gfs commented Oct 21, 2025

@copilot Add new unit tests for markdown format, and create markdown format writer as new writer in https://github.com/microsoft/ApplicationInspector/tree/main/AppInspector.CLI/Writers alongside others in factory pattern.

Copilot AI and others added 2 commits October 21, 2025 06:07
Co-authored-by: gfs <98900+gfs@users.noreply.github.com>
Co-authored-by: gfs <98900+gfs@users.noreply.github.com>
@Copilot Copilot AI changed the title [WIP] Add markdown output format for application inspector in CI Add markdown output format for CI environments with key features summary Oct 21, 2025
@Copilot Copilot AI requested a review from gfs October 21, 2025 06:18
Copilot finished work on behalf of gfs October 21, 2025 06:18
Contributor

gfs commented Oct 21, 2025

/azp run


Azure Pipelines successfully started running 1 pipeline(s).

Author

Copilot AI commented Oct 21, 2025

@copilot Add new unit tests for markdown format, and create markdown format writer as new writer in https://github.com/microsoft/ApplicationInspector/tree/main/AppInspector.CLI/Writers alongside other...

The markdown writer and unit tests have already been implemented in commits eb2831c and fc77296:

AnalyzeMarkdownWriter.cs created in AppInspector.CLI/Writers/ alongside other writers (AnalyzeHtmlWriter, AnalyzeJsonWriter, AnalyzeSarifWriter, AnalyzeTextWriter)

Factory pattern integration in WriterFactory.cs - the markdown format is properly integrated in the GetAnalyzeWriter method

TestMarkdownWriter.cs created in AppInspector.Tests/Commands/ with a comprehensive unit test that verifies:

  • Analyze command execution
  • Markdown writer output generation
  • Output format validation (headers, tables, sections)
  • Test passes successfully (2/2 tests passed)

All 347 existing tests continue to pass with no regressions.

Copilot finished work on behalf of gfs October 21, 2025 06:24
Development

Successfully merging this pull request may close these issues.

Markdown support for CI integration