@security-alert/sarif-to-comment
v1.10.10
Published
post comment to GitHub issue/pull requests
Downloads
6,158
Readme
@security-alert/sarif-to-comment
Post comment to GitHub issue/pull requests.
Purpose
It aims to post CodeQL result to GitHub Issue as comment.
It optimizes the formatter of SARIF for SARIF output — CodeQL.
Install
Install with npm:
npm install @security-alert/sarif-to-comment
Usage
Usage
$ npx @security-alert/sarif-to-comment <sarif-file-path>
Inputs
<sarif-file-path> Path to sarif file path
Options
--dryRun Dry-Run when it is enabled
--token GitHub Token, or support environment variables - GITHUB_TOKEN=xxx
--action Authentication mode for the token, defaults to PAT, if set, switches to Github Action
--ruleDetails Include full JSON rule details in the markdown, might be too big for Github's API, defaults to false
--simple Simplify the output to only give findings grouped by rule, adds helpURI if present
--severity Filter output issues by their severity level, warning, error, note, none, set flag for each level
--failon Throw an exit error code 1 if an issue with that level was detected, warning, error, note, none, or all, set flag for each, NOT affected by severity filtering
--commentUrl Post to comment URL. e.g. https://github.com/owner/repo/issues/85
--title Specify a comment title for the report, optional
--no-suppressedResults Don't include suppressed results, that are in SARIF suppressions
--sarifContentOwner GitHub Owner name of sarif content result. e.g. "owner"
--sarifContentRepo GitHub Repository name of sarif content result. e.g. "repo"
--sarifContentBranch GitHub Repository branch name of sarif content result. e.g. "master"
--sarifContentSourceRoot Base path to sarif scanned source. You can set CodeQL's sourceLocationPrefix as relative value if necessary
Examples
# DryRun and preview it!
$ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/repo/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "master" "./codeql_result.sarif"
# Post It
$ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/repo/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "master" "./codeql_result.sarif"
# Set base path
$ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/another/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "develop" --sarifContentSourceRoot "./basepath" "./codeql_result.sarif"
# use HEAD sha for link
$ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/another/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" ---sarifContentBranch `git rev-parse HEAD` "./codeql_result.sarif"
Examples
Changelog
See Releases page.
Running tests
Install devDependencies and Run npm test
:
npm test
Contributing
Pull requests and stars are always welcome.
For bugs and feature requests, please create an issue.
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature
- Commit your changes:
git commit -am 'Add some feature'
- Push to the branch:
git push origin my-new-feature
- Submit a pull request :D
Author
License
MIT © azu