blackstork-cli
Our headless reporting engine. A source-available command-line tool for rendering BlackStork templates into Markdown, HTML or PDF documents locally.
Infrastructure-as-code for security reporting
blackstork-cli is the underlying engine that powers the BlackStork SaaS platform. It executes BCL (BlackStork Configuration Language) files, handling the heavy lifting of API integrations, data transformations, LLM prompting, and document assembly. It is designed to be run locally by analysts or integrated directly into CI/CD pipelines for fully automated, headless report generation.
- Native Plugin Ecosystem
- Ships with standard integrations for Splunk, Microsoft Graph, Elastic, Atlassian Jira, GitHub, OpenCTI, PostgreSQL, VirusTotal, and more.
- Expressive Template Language
- Uses a custom configuration language based on HCL (just like Terraform does) to define document templates, allowing for explicit input data definitions, conditional logic, inline data mutations, and content generation.
- Local Execution
- Keep sensitive input data on-premise.
blackstork-cliruns where your data lives, only reaching out to external APIs (like Google Gemini LLM) when explicitly instructed by your template configuration. - Standardized Output
- Compiles input data and content configuration into a clear Markdown, HTML or PDF formats.
Source-available under BUSL 1.1
We recently transitioned blackstork-cli from an Apache 2.0 license to the Business Source License (BUSL) 1.1.
The source code remains entirely public. We actively encourage security researchers, students, and individual practitioners to inspect the engine, build custom plugins, and run the tool for academic, testing, and personal non-commercial use.
The boundary is simple: you cannot use blackstork-cli for commercial purposes, use it in a production business environment, or embed it into a proprietary commercial product.
If your organization needs to generate production security reports, that is exactly what the BlackStork SaaS platform is built for. It provides a managed, collaborative web interface built directly on top of this engine.
Run your reporting as your infrastructure
Download the pre-compiled binary for your OS. The CLI ships with a builtin plugin for basic data integrations and content structures to keep the footprint minimal. When you need to connect to specific external tools like Splunk, OpenCTI, or OpenAI, simply pull the exact integrations you need from our registry with a single install command.