-
-
Notifications
You must be signed in to change notification settings - Fork 527
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SARIF support #909
Comments
Refer to jeremylong/DependencyCheck#3081 |
Hello! |
@RunFox Not implemented so far. But it seems like a nice "good first issue" candidate for new contributors to work on. :) Note on implementation: The existing |
Hi folks, |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
SARIF should be able to describe vulnerable components even though its' original purpose was representing source code vulnerabilities.
Recently, the Dependency-Check project implemented SARIF support with the intended use case that the resulting file would be published to GitHub (which now supports SARIF) and can process and display results directly in GitHub.
This enhancement request is to add support for generating SARIF via an API. This would dynamically generate the SARIF (via pebble), and the resulting file would be downloaded.
The text was updated successfully, but these errors were encountered: