@@ -410,17 +410,27 @@ func main() {
410410 excludeGlobList = append (excludeGlobList , filepath .ToSlash (p ))
411411 }
412412
413+ // Helper to print status messages (stderr for JSON/SARIF, stdout for text)
414+ outputFormat := * output
415+ statusPrint := func (format string , args ... interface {}) {
416+ if outputFormat == "json" || outputFormat == "sarif" {
417+ fmt .Fprintf (os .Stderr , format , args ... )
418+ } else {
419+ fmt .Printf (format , args ... )
420+ }
421+ }
422+
413423 // Load baseline ONLY if explicitly specified via --baseline flag
414424 // Baseline is opt-in - by default we report ALL findings
415425 loadedBaseline = baseline .New ()
416426 if * baselinePath != "" {
417427 loadedBaseline , err = baseline .Load (* baselinePath )
418428 if err != nil {
419- fmt .Printf ( "%sError loading baseline: %v%s\n " , RedColor , err , ResetColor )
429+ fmt .Fprintf ( os . Stderr , "%sError loading baseline: %v%s\n " , RedColor , err , ResetColor )
420430 os .Exit (1 )
421431 }
422432 if loadedBaseline .Count () > 0 {
423- fmt . Printf ("%sLoaded baseline with %d known findings (will be suppressed)%s\n " , YellowColor , loadedBaseline .Count (), ResetColor )
433+ statusPrint ("%sLoaded baseline with %d known findings (will be suppressed)%s\n " , YellowColor , loadedBaseline .Count (), ResetColor )
424434 }
425435 }
426436
@@ -439,11 +449,11 @@ func main() {
439449
440450 pipeline , err = verification .NewPipeline (pipelineConfig )
441451 if err != nil {
442- fmt . Printf ("%sWarning: Failed to initialize LLM pipeline: %v%s\n " , YellowColor , err , ResetColor )
443- fmt . Printf ("%sContinuing with standard detection only...%s\n \n " , YellowColor , ResetColor )
452+ statusPrint ("%sWarning: Failed to initialize LLM pipeline: %v%s\n " , YellowColor , err , ResetColor )
453+ statusPrint ("%sContinuing with standard detection only...%s\n \n " , YellowColor , ResetColor )
444454 pipeline = nil
445455 } else {
446- fmt . Printf ("%sLLM verification enabled%s\n \n " , GreenColor , ResetColor )
456+ statusPrint ("%sLLM verification enabled%s\n \n " , GreenColor , ResetColor )
447457 defer pipeline .Close ()
448458 }
449459 }
@@ -458,7 +468,7 @@ func main() {
458468 }
459469
460470 // PHASE 1: Scan current working directory files (with LLM verification if enabled)
461- fmt . Printf ("Phase 1: Scanning current files...\n " )
471+ statusPrint ("Phase 1: Scanning current files...\n " )
462472 {
463473 // Normal file system scanning
464474 var wg sync.WaitGroup
@@ -522,27 +532,27 @@ func main() {
522532
523533 wg .Wait ()
524534 }
525- fmt . Printf ("Found %d potential secrets in current files\n " , len (secretsFound ))
535+ statusPrint ("Found %d potential secrets in current files\n " , len (secretsFound ))
526536
527537 // PHASE 2: Scan git history (no LLM - can't access file content at old commits)
528538 // Git history scanning is ON by default. Use --no-git-history to skip.
529539 if isGitRepo && ! * noGitHistory {
530- fmt . Printf ("\n Phase 2: Scanning git history...\n " )
540+ statusPrint ("\n Phase 2: Scanning git history...\n " )
531541 var err error
532542 historySecrets , err = scanGitHistory (dir , * gitMaxCommits , * gitRef , * gitSinceDate , nil ) // nil pipeline = no LLM
533543 if err != nil {
534- fmt . Printf ("%sWarning: Git history scan failed: %v%s\n " , YellowColor , err , ResetColor )
544+ statusPrint ("%sWarning: Git history scan failed: %v%s\n " , YellowColor , err , ResetColor )
535545 } else {
536- fmt . Printf ("Found %d potential secrets in git history\n " , len (historySecrets ))
546+ statusPrint ("Found %d potential secrets in git history\n " , len (historySecrets ))
537547 secretsFound = append (secretsFound , historySecrets ... )
538548 }
539549 } else if ! isGitRepo {
540- fmt . Printf ("\n Skipping git history scan (not a git repository)\n " )
550+ statusPrint ("\n Skipping git history scan (not a git repository)\n " )
541551 } else if * noGitHistory {
542- fmt . Printf ("\n Skipping git history scan (--no-git-history)\n " )
552+ statusPrint ("\n Skipping git history scan (--no-git-history)\n " )
543553 }
544554
545- fmt . Printf ("\n Total: %d potential secrets found\n \n " , len (secretsFound ))
555+ statusPrint ("\n Total: %d potential secrets found\n \n " , len (secretsFound ))
546556
547557 // Apply config-based filtering (allowlists, disabled rules, entropy threshold)
548558 secretsFound = filterSecretsByConfig (secretsFound , compiledConfig )
0 commit comments