@security-alert/sarif-to-comment

post comment to GitHub issue/pull requests

Purpose

It aims to post CodeQL results to a GitHub issue or pull request as a comment.

Its SARIF formatter is tuned for the SARIF that CodeQL emits.

Install

Install with npm:

npm install @security-alert/sarif-to-comment

Usage

Usage
  $ npx @security-alert/sarif-to-comment <sarif-file-path>

Inputs
  <sarif-file-path> Path to the SARIF file

Options
  --dryRun                      Preview the comment without posting it
  --token                       GitHub token; can also be supplied via the GITHUB_TOKEN environment variable, e.g. GITHUB_TOKEN=xxx
  --commentUrl                  URL of the issue or pull request to comment on. e.g. https://github.com/owner/repo/issues/85
  --sarifContentOwner           GitHub owner of the repository the SARIF result refers to. e.g. "owner"
  --sarifContentRepo            GitHub repository name the SARIF result refers to. e.g. "repo"
  --sarifContentBranch          Branch name (or commit SHA) the SARIF result refers to. e.g. "master"
  --sarifContentSourceRoot      Base path of the scanned source. Set this to CodeQL's sourceLocationPrefix as a relative path if necessary

Examples
  # Dry run and preview it (nothing is posted)
  $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --dryRun --commentUrl "https://github.com/owner/repo/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "master" "./codeql_result.sarif"
  # Post it
  $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/repo/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "master" "./codeql_result.sarif"
  # Set base path
  $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/another/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch "develop" --sarifContentSourceRoot "./basepath" "./codeql_result.sarif"
  # Use the HEAD commit SHA for links so they stay valid after later pushes
  $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl "https://github.com/owner/another/issues/1" --sarifContentOwner "owner" --sarifContentRepo "repo" --sarifContentBranch `git rev-parse HEAD` "./codeql_result.sarif"

Changelog

See Releases page.

Running tests

Install devDependencies and run npm test:

npm test

Contributing

Pull requests and stars are always welcome.

For bugs and feature requests, please create an issue.

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request :D

Author

License

MIT © azu