README
@security-alert/sarif-to-comment
Post comment to GitHub issue/pull requests.
Purpose
It aims to post CodeQL result to GitHub Issue as comment.
It optimizes the formatter of SARIF for SARIF output — CodeQL.
Install
Install with npm:
npm install @security-alert/sarif-to-comment
Usage
Usage
$ npx @security-alert/sarif-to-comment <sarif-file-path>
Inputs
<sarif-file-path> Path to sarif file path
Options
--dryRun Dry-Run when it is enabled
--token GitHub Token, or support environment variables - GITHUB_TOKEN=xxx
--commentUrl Post to comment URL. e.g. https://github.com/owner/repo/issues/85
--sarifContentOwner GitHub Owner name of sarif content result. e.g. "owner"
--sarifContentRepo GitHub Repository name of sarif content result. e.g. "repo"
--sarifContentBranch GitHub Repository branch name of sarif content result. e.g. "master"
--sarifContentSourceRoot Base path to sarif scanned source. You can set CodeQL's sourceLocationPrefix as relative value if necessary
Examples
# DryRun and preview it!
$ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/repo/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "master" "./codeql_result.sarif"
# Post It
$ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/repo/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "master" "./codeql_result.sarif"
# Set base path
$ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/another/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "develop" --sarifContentSourceRoot "./basepath" "./codeql_result.sarif"
# use HEAD sha for link
$ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/another/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" ---sarifContentBranch `git rev-parse HEAD` "./codeql_result.sarif"
Examples
Changelog
See Releases page.
Running tests
Install devDependencies and Run npm test
:
npm test
Contributing
Pull requests and stars are always welcome.
For bugs and feature requests, please create an issue.
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature
- Commit your changes:
git commit -am 'Add some feature'
- Push to the branch:
git push origin my-new-feature
- Submit a pull request :D
Author
License
MIT © azu