post comment to GitHub issue/pull requests

Package Exports

  • @security-alert/sarif-to-comment

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@security-alert/sarif-to-comment) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

@security-alert/sarif-to-comment

Post comment to GitHub issue/pull requests.

Install

Install with npm:

npm install @security-alert/sarif-to-comment

Usage

Usage
  $ npx @security-alert/sarif-to-comment <sarif-file-path>

Inputs
  <sarif-file-path> Path to sarif file path

Options
  --dryRun                      Dry-Run when it is enabled
  --token                       GitHub Token, or support environment variables - GITHUB_TOKEN=xxx
  --commentUrl                  Post to comment URL. e.g. https://github.com/owner/repo/issues/85
  --sarifContentOwner           GitHub Owner name of sarif content result.  e.g. "owner"
  --sarifContentRepo            GitHub Repository name of sarif content result. e.g. "repo"
  --sarifContentBranch          GitHub Repository branch name of sarif content result. e.g. "master"
  --sarifContentSourceRoot      Base path to sarif scanned source. You can set CodeQL's sourceLocationPrefix as relative value if necessary

Examples
  $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/repo/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "master" "./codeql_result.sarif"
  $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/another/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "develop" --sarifContentSourceRoot "./basepath" "./codeql_result.sarif"
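The --sarifContent* options describe where the scanned source lives on GitHub. The sketch below is an added example, not code from this package: it assumes SARIF 2.1.0 result fields with relative artifact URIs and GitHub's usual blob URL layout, and shows one way such options could turn results into comment lines with source links. All function names are hypothetical and the SARIF input is constructed.

```javascript
// Added illustration, not the package's own code; function names are hypothetical.
// Constructed SARIF 2.1.0 log, trimmed to the fields used (not real scanner output).
const sampleSarif = {
  version: "2.1.0",
  runs: [{ results: [
    { ruleId: "js/sql-injection",
      message: { text: "Query built from <b>user</b> input." },
      locations: [{ physicalLocation: {
        artifactLocation: { uri: "src/my%20db.js" },
        region: { startLine: 42, endLine: 44 } } }] },
    { ruleId: "js/no-location", message: { text: "No location reported." } },
  ] }],
};

// Encode each path segment but keep "/" (branches like "feature/x" stay valid).
const encPath = (s) => s.split("/").map(encodeURIComponent).join("/");

// Join sourceRoot and a relative SARIF artifact URI into a repo-relative path.
function repoPath(sourceRoot, uri) {
  const parts = `${sourceRoot || ""}/${decodeURIComponent(uri)}`
    .split("/").filter((p) => p && p !== ".");
  if (parts.includes("..")) throw new Error(`path leaves repository: ${uri}`);
  return encPath(parts.join("/"));
}

// Build a GitHub blob URL with a line anchor for one SARIF location.
function permalink(opts, location) {
  const phys = location.physicalLocation;
  const { startLine, endLine } = phys.region || {};
  let url = `https://github.com/${opts.owner}/${opts.repo}/blob/` +
    `${encPath(opts.branch)}/${repoPath(opts.sourceRoot, phys.artifactLocation.uri)}`;
  if (startLine) url += `#L${startLine}`;
  if (startLine && endLine && endLine !== startLine) url += `-L${endLine}`;
  return url;
}

// Render every result as one Markdown bullet; scanner text is HTML-escaped.
function sarifToMarkdown(sarif, opts) {
  const esc = (s) => s.replace(/[&<>]/g, (c) => `&#${c.charCodeAt(0)};`);
  const lines = [];
  for (const run of sarif.runs || []) {
    for (const r of run.results || []) {
      const loc = (r.locations || [])[0];
      const where = loc ? ` ([source](${permalink(opts, loc)}))` : "";
      lines.push(`- **${esc(r.ruleId || "unknown")}**: ${esc(r.message.text || "")}${where}`);
    }
  }
  return lines.join("\n");
}
```

Scanner messages and file paths end up in a public comment, so the sketch escapes HTML in message text and rejects artifact paths that climb out of the repository.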

Changelog

See Releases page.

Running tests

Install devDependencies and run npm test:

npm test

Contributing

Pull requests and stars are always welcome.

For bugs and feature requests, please create an issue.

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request :D

Author

License

MIT © azu