Question 26
Domain 3You want a Claude Code CI step to produce structured security findings that a downstream script can parse and post as inline PR comments via the GitHub API. Which CLI flag combination achieves this?
Correct answer: C
Explanation
`--output-format json` makes Claude Code emit machine-readable JSON, which a downstream script can parse. Adding `--json-schema <schema-file>` constrains the output shape so the security findings are structured consistently for posting as inline PR comments via the GitHub API.
Why each option is right or wrong
A. `-p` (non-interactive) combined with `--format structured` output flag
Non-interactive mode controls prompting, not structured schema-validated findings output.
B. `--silent` combined with `--export findings.json` after the run completes
Silent or export-style ideas do not guarantee the model emits the required structured JSON shape.
C. `--output-format json` combined with `--json-schema <schema-file>` for shape
The required output is machine-parseable, so the CLI must be switched to JSON mode under `--output-format json`; that is the flag that changes the response from free text to structured data. To make the downstream GitHub-commenting script reliable, `--json-schema <schema-file>` is then used to constrain the emitted object shape, ensuring the findings arrive in a predictable structure rather than ad hoc prose.
D. Pipe stdout through `jq` to extract JSON from Claude's natural-language prose responses
Parsing prose with `jq` is brittle because natural-language output is not dependable JSON.