Package Exports
- @security-alert/sarif-to-comment
- @security-alert/sarif-to-comment/lib/index.js
- @security-alert/sarif-to-comment/module/index.js
Readme
@security-alert/sarif-to-comment
Post comments to GitHub issues/pull requests.
Purpose
It aims to post CodeQL results to a GitHub issue as a comment.
Its SARIF formatter is tuned for the SARIF output that CodeQL produces.
Install
Install with npm:
npm install @security-alert/sarif-to-comment
Usage
$ npx @security-alert/sarif-to-comment <sarif-file-path>
Inputs
<sarif-file-path> Path to the SARIF file
Options
--dryRun Dry run: preview the comment without posting it
--token GitHub token; can also be supplied via the GITHUB_TOKEN environment variable, e.g. GITHUB_TOKEN=xxx
--action Authentication mode for the token; defaults to PAT, if set switches to GitHub Action
--ruleDetails Include the full JSON rule details in the markdown; may be too big for GitHub's API, defaults to false
--simple Simplify the output to only list findings grouped by rule; adds the helpUri if present
--severity Filter issues by severity level: warning, error, note, none (comma-separated)
--commentUrl URL of the issue or pull request to comment on, e.g. https://github.com/owner/repo/issues/85
--title Comment title for the report, optional
--no-suppressedResults Don't include results that are suppressed in the SARIF suppressions
--sarifContentOwner GitHub owner name of the source referenced by the SARIF results, e.g. "owner"
--sarifContentRepo GitHub repository name of the source referenced by the SARIF results, e.g. "repo"
--sarifContentBranch GitHub repository branch name of the source referenced by the SARIF results, e.g. "master"
--sarifContentSourceRoot Base path to the source that was scanned. You can set CodeQL's sourceLocationPrefix as a relative value if necessary
Examples
# DryRun and preview it!
$ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --dryRun --commentUrl "https://github.com/owner/repo/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "master" "./codeql_result.sarif"
# Post It
$ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/repo/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "master" "./codeql_result.sarif"
# Set base path
$ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/another/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "develop" --sarifContentSourceRoot "./basepath" "./codeql_result.sarif"
# use HEAD sha for link
$ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/another/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch `git rev-parse HEAD` "./codeql_result.sarif"
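As an added example (not the package's own code), the following Node script shows what the options above amount to when applied to a SARIF log: the severity filter, the exclusion of suppressed results, grouping by rule with its helpUri, and the source links built from owner, repo, branch and source root. The sample SARIF log, the function name and the exact markdown layout are assumptions made here; the real tool's output format may differ.

```javascript
// Added example (not the package's own code): build a comment body from a SARIF
// log the way the options above describe: filter by --severity, honour
// --no-suppressedResults, group findings by rule (--simple, with helpUri) and link
// each finding to the source via --sarifContentOwner/Repo/Branch/SourceRoot.
// Constructed sample SARIF 2.1.0 log, trimmed to the fields used below.
const sampleSarif = { version: "2.1.0", runs: [{
  tool: { driver: { name: "CodeQL", rules: [
    { id: "js/sql-injection", helpUri: "https://example.invalid/rules/sql-injection" },
    { id: "js/unused-local-variable" } ] } },
  results: [
    { ruleId: "js/sql-injection", level: "error", message: { text: "Query built from user input." },
      locations: [{ physicalLocation: { artifactLocation: { uri: "src/db.js" }, region: { startLine: 42 } } }] },
    { ruleId: "js/sql-injection", level: "error", message: { text: "Query built from user input." },
      suppressions: [{ kind: "inSource" }], // suppressed in source, dropped by --no-suppressedResults
      locations: [{ physicalLocation: { artifactLocation: { uri: "src/legacy.js" }, region: { startLine: 7 } } }] },
    { ruleId: "js/unused-local-variable", level: "note", message: { text: "Unused variable tmp." },
      locations: [{ physicalLocation: { artifactLocation: { uri: "src/util.js" }, region: { startLine: 3 } } }] } ] }] };

function sarifToMarkdown(sarif, opts) {
  const { owner, repo, branch, sourceRoot = "", severity, suppressedResults = true, title = "Report" } = opts;
  // --severity "error,warning" becomes a set of allowed levels; no option means all levels.
  const allowed = severity ? new Set(severity.split(",").map((s) => s.trim())) : null;
  const root = sourceRoot.replace(/^\.?\//, "").replace(/\/$/, ""); // "./basepath" -> "basepath"
  const groups = new Map(); // ruleId -> { helpUri, lines }
  for (const run of sarif.runs) {
    const rules = new Map((run.tool.driver.rules || []).map((r) => [r.id, r]));
    for (const result of run.results || []) {
      const level = result.level || "warning"; // SARIF default when level is absent (rule defaultConfiguration not consulted here)
      if (allowed && !allowed.has(level)) continue;
      if (!suppressedResults && (result.suppressions || []).length > 0) continue;
      const loc = result.locations?.[0]?.physicalLocation;
      const uri = loc?.artifactLocation?.uri || "";
      const line = loc?.region?.startLine || 1;
      const link = `https://github.com/${owner}/${repo}/blob/${branch}/${root ? root + "/" : ""}${uri}#L${line}`;
      if (!groups.has(result.ruleId)) groups.set(result.ruleId, { helpUri: rules.get(result.ruleId)?.helpUri, lines: [] });
      groups.get(result.ruleId).lines.push(`- [${uri}:${line}](${link}) (${level}) ${result.message.text}`);
    }
  }
  const out = [`## ${title}`];
  for (const [ruleId, g] of groups) {
    out.push("", g.helpUri ? `### [${ruleId}](${g.helpUri})` : `### ${ruleId}`, ...g.lines);
  }
  return out.join("\n");
}

console.log(sarifToMarkdown(sampleSarif, { owner: "owner", repo: "repo", branch: "master",
  sourceRoot: "./basepath", severity: "error,warning", suppressedResults: false, title: "CodeQL" }));
```

With those options only the unsuppressed error finding survives; dropping the severity and suppression options lists all three findings under their two rules.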
Changelog
See Releases page.
Running tests
Install devDependencies and Run npm test:
npm test
Contributing
Pull requests and stars are always welcome.
For bugs and feature requests, please create an issue.
- Fork it!
- Create your feature branch: git checkout -b my-new-feature
- Commit your changes: git commit -am 'Add some feature'
- Push to the branch: git push origin my-new-feature
- Submit a pull request :D
Author
License
MIT © azu