
Is there any chance for SARIF support (SARIF-compatible output file)? That would allow using github/codeql-action/upload-sarif@v1 in workflows, e.g.:

- name: Upload SARIF report
  uses: github/codeql-action/upload-sarif@v1
  with:
    sarif_file: ${{ steps.scan.outputs.sarif }}

See also: https://docs.github.com/en/code-security/secure-coding/integrating-with-code-scanning/uploading-a-sarif-file-to-github

Issue Analytics

  • State: open
  • Created 2 years ago
  • Reactions: 5
  • Comments: 9 (2 by maintainers)

Top GitHub Comments

1 reaction
rm3l commented, Nov 8, 2021

Hi there! I was also interested in this feature. Before seeing this issue, I set out to build this other Action to convert the output to SARIF. It should therefore be possible to support SARIF and upload the output to GitHub Code Scanning, by adding a new step in your Workflows, like so:

- name: Scan Container Image
  id: scan
  uses: Azure/container-scan@v0.1
  with:
    image-name: my-container-image
    
- name: Convert Container Scan Report to SARIF
  id: scan-to-sarif
  uses: rm3l/container-scan-to-sarif-action@v1
  if: ${{ always() }}
  with:
    input-file: ${{ steps.scan.outputs.scan-report-path }}

- name: Upload SARIF reports to GitHub Security tab
  uses: github/codeql-action/upload-sarif@v1
  if: ${{ always() }}
  with:
    sarif_file: ${{ steps.scan-to-sarif.outputs.sarif-report-path }}

Let me know your thoughts about this.
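Both the original request and the workflow above hinge on the same thing: a scanner report has to be turned into a SARIF 2.1.0 file before upload-sarif will accept it. The following is an added example (not code from Azure/container-scan, rm3l/container-scan-to-sarif-action, or GitHub) showing what that conversion has to produce: one rule per vulnerability id, one result per finding, a SARIF level derived from the scanner's severity, and at least one location so GitHub can place the alert. The input shape (imageName, vulnerabilities[].vulnerabilityId/packageName/severity/description) is an assumption modelled loosely on a scanner's JSON output, the CVE ids are placeholders, and pointing every result at line 1 of the Dockerfile is a convention chosen here because a container image has no source line to blame.

```python
"""Convert a container-scan style vulnerability list into SARIF 2.1.0.

Added example; the input field names are ASSUMED, not the real report format.
"""
import json

# Constructed sample input (placeholder CVE ids, not real scanner output).
SAMPLE_SCAN = {
    "imageName": "my-container-image",
    "vulnerabilities": [
        {"vulnerabilityId": "CVE-0000-0001", "packageName": "libexample",
         "severity": "HIGH", "description": "placeholder finding 1"},
        {"vulnerabilityId": "CVE-0000-0001", "packageName": "libexample-dev",
         "severity": "HIGH", "description": "placeholder finding 1"},
        {"vulnerabilityId": "CVE-0000-0002", "packageName": "othertool",
         "severity": "LOW", "description": "placeholder finding 2"},
    ],
}

# Scanner severity -> SARIF result level (enum: none, note, warning, error).
SEVERITY_TO_LEVEL = {"CRITICAL": "error", "HIGH": "error",
                     "MEDIUM": "warning", "LOW": "note"}
# Scanner severity -> GitHub's "security-severity" rule property (string, 0.0-10.0).
SEVERITY_TO_SCORE = {"CRITICAL": "9.5", "HIGH": "8.0", "MEDIUM": "5.0", "LOW": "2.0"}


def severity_to_level(severity):
    """Unknown or missing severities fall back to the lowest level, never dropped."""
    return SEVERITY_TO_LEVEL.get(severity.upper(), "note")


def build_sarif(scan, tool_name="container-scan-to-sarif-example", dockerfile="Dockerfile"):
    """Return a SARIF 2.1.0 document (as a dict) for one scanned image."""
    rules = {}    # deduplicated by vulnerability id, insertion order kept
    results = []
    for v in scan["vulnerabilities"]:
        rule_id = v["vulnerabilityId"]
        sev = v.get("severity", "UNKNOWN").upper()
        if rule_id not in rules:
            rules[rule_id] = {
                "id": rule_id,
                "shortDescription": {"text": rule_id},
                "fullDescription": {"text": v.get("description", rule_id)},
                "properties": {"security-severity": SEVERITY_TO_SCORE.get(sev, "0.0"),
                               "tags": ["security"]},
            }
        results.append({
            "ruleId": rule_id,
            "level": severity_to_level(sev),
            "message": {"text": f"{rule_id} in package {v['packageName']} "
                                f"({sev}) in image {scan['imageName']}"},
            # GitHub needs a location to place the alert; a container image has no
            # source line, so the Dockerfile is used by convention (assumption).
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": dockerfile},
                "region": {"startLine": 1}}}],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": tool_name, "rules": list(rules.values())}},
                  "results": results}],
    }


def check_for_upload(doc):
    """Local sanity checks before handing the file to upload-sarif (not GitHub's validator)."""
    problems = []
    if doc.get("version") != "2.1.0":
        problems.append("version must be 2.1.0")
    for run in doc.get("runs", []):
        rule_ids = {r["id"] for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for i, res in enumerate(run.get("results", [])):
            if res.get("ruleId") not in rule_ids:
                problems.append(f"result {i}: ruleId {res.get('ruleId')!r} not declared in rules")
            if res.get("level") not in ("none", "note", "warning", "error"):
                problems.append(f"result {i}: invalid level {res.get('level')!r}")
            if not res.get("locations"):
                problems.append(f"result {i}: no location (GitHub needs one to place the alert)")
    return problems


def write_sarif(doc, path):
    """Write the document; the path is what a later upload-sarif step points at."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(doc, fh, indent=2)
    return path


if __name__ == "__main__":
    sarif = build_sarif(SAMPLE_SCAN)
    print("problems:", check_for_upload(sarif))
    print(write_sarif(sarif, "container-scan.sarif"))
```

In a workflow, the step running this script would expose the written path as an output, and the upload step would reference it as sarif_file exactly as in the snippet above; the security-severity property is what lets GitHub's alert list show the scanner's severity rather than only the SARIF level.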

0 reactions
github-actions[bot] commented, Feb 15, 2022

This issue is idle because it has been open for 14 days with no activity.
