What I built
SARIF support for Reviewdog
Category Submission:
Maintainer Must-Haves
App Link
https://github.com/HollowMan6/sarif4reviewdog/pull/5
Description
SARIF, the Static Analysis Results Interchange Format, is a standard, JSON-based format for the output of static analysis tools.
This action enables the maintainers to integrate the fixes proposed by static code analysis tools right from the PR comments.
Link to Source Code
https://github.com/HollowMan6/sarif4reviewdog
Permissive License
Background
https://github.com/orgs/community/discussions/52156
GitHub Code Scanning supports generating alerts from a SARIF report, but it cannot show the proposed fixes contained in the report. It would be a useful addition to have the option to make commits to the codebase based on those proposed fixes.
Then I submitted the feature request, but no one responded, so why not realize it myself instead?
How I built it
In SARIF, the fix object represents a proposed fix for the problem indicated by the result. It specifies a set of artifacts to modify. For each artifact, it specifies regions to remove and provides new content to insert.
I built a general converter from SARIF to the Reviewdog Diagnostic Format (RDFormat), then used Reviewdog to give suggested code changes as well as the context of the changes for PR reviewing.
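To make the conversion concrete, here is an added example of the SARIF fix object to RDFormat mapping described above. It is illustrative code written for this post, not the sarif4reviewdog project's own converter; the sample SARIF document is constructed, and it assumes that SARIF regions and RDFormat ranges are both 1-based with an exclusive end column.

```python
import json

# Constructed SARIF input (not the project's data): one result with a fix object.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "demo-linter"}},
    "results": [{
        "ruleId": "no-http", "message": {"text": "Use https instead of http"},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "src/client.py"},
            "region": {"startLine": 12, "startColumn": 7, "endColumn": 11}}}],
        "fixes": [{"artifactChanges": [{
            "artifactLocation": {"uri": "src/client.py"},
            "replacements": [{
                "deletedRegion": {"startLine": 12, "startColumn": 7, "endColumn": 11},
                "insertedContent": {"text": "https"}}]}]}]}]}]})


def region_to_range(region):
    """Map a SARIF region to an RDFormat range. Assumption: both sides are
    1-based with an exclusive end column; a missing endLine means the same
    line and a missing endColumn means 'to end of line' (column omitted)."""
    start = {"line": region["startLine"], "column": region.get("startColumn", 1)}
    end = {"line": region.get("endLine", region["startLine"])}
    if "endColumn" in region:
        end["column"] = region["endColumn"]
    return {"start": start, "end": end}


def sarif_to_rdformat(sarif_text):
    """Return one RDFormat Diagnostic dict per SARIF result, turning each
    fix replacement into a reviewdog suggestion on the diagnosed file."""
    diagnostics = []
    for run in json.loads(sarif_text).get("runs", []):
        for result in run.get("results", []):
            loc = result["locations"][0]["physicalLocation"]
            diag = {"message": result["message"]["text"],
                    "code": {"value": result.get("ruleId", "")},
                    "location": {"path": loc["artifactLocation"]["uri"],
                                 "range": region_to_range(loc["region"])},
                    "suggestions": []}
            for fix in result.get("fixes", []):
                for change in fix.get("artifactChanges", []):
                    # An RDFormat suggestion carries no path: it applies to the
                    # diagnostic's own file, so edits to other files are skipped.
                    if change["artifactLocation"]["uri"] != diag["location"]["path"]:
                        continue
                    for rep in change.get("replacements", []):
                        diag["suggestions"].append({
                            "range": region_to_range(rep["deletedRegion"]),
                            "text": rep.get("insertedContent", {}).get("text", "")})
            diagnostics.append(diag)
    return diagnostics
```

Writing each returned dict as its own JSON line gives the rdjsonl stream that reviewdog consumes with `-f=rdjsonl`.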
Additional Resources/Info
This Action is currently used by kubescape, a Cloud Native Computing Foundation (CNCF) sandbox project. It is an open-source Kubernetes security platform and includes risk analysis, security compliance, and misconfiguration scanning. Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities.