This repository has been archived by the owner on Jun 6, 2024. It is now read-only.
I'm not familiar with any tool to convert from one to the other, as most of the other security tools I've used already support this output as it's the standard way of putting alerts into GitHub Security tab.
@hadar-co did some research for the person that will take this task:
SARIF is an industry-standard format for the output of static analysis tools. It is based on JSON and has its own specifications/schema. It seems that this format is gaining traction, and many tools already provide support for it. GitHub provides an action that uploads a SARIF file and displays it under the “Security” tab of a repo.
There is no available converter from an output that Datree supports to SARIF. Therefore, to support this format we need to write a conversion ourselves.
Some helpful resources:
Snyk has created a GitHub Action that converts its JSON output to SARIF; the conversion itself is done in a Python script.
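A sketch of the kind of conversion discussed above, as an added example that is not code from this thread, from Datree, or from Snyk. The input field names (`file`, `rule_id`, `rule_name`, `message`, `line`), the rule ids and the tool name are hypothetical stand-ins, not Datree's real JSON output; only the SARIF 2.1.0 structure follows the standard.

```python
import json
from pathlib import PurePosixPath

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"

# Constructed sample findings; field names are hypothetical, not Datree's real output.
SAMPLE_FINDINGS = [
    {"file": "k8s\\deployment.yaml", "rule_id": "EXAMPLE_RULE_1",
     "rule_name": "Memory limit missing", "message": "Container has no memory limit", "line": 14},
    {"file": "./k8s/cronjob.yaml", "rule_id": "EXAMPLE_RULE_1",
     "rule_name": "Memory limit missing", "message": "Container has no memory limit"},
    {"file": "k8s/deployment.yaml", "rule_id": "EXAMPLE_RULE_2",
     "rule_name": "Image tag missing", "message": "Image uses an implicit latest tag", "line": 9},
]

def repo_uri(path):
    """Return a forward-slash path relative to the repository root."""
    posix = PurePosixPath(path.replace("\\", "/"))
    # Absolute or parent-escaping paths cannot be mapped to a file in the repo.
    if posix.is_absolute() or ".." in posix.parts:
        raise ValueError(f"path is not repository-relative: {path!r}")
    return str(posix)

def to_sarif(findings, tool_name="example-policy-checker"):
    """Build a SARIF 2.1.0 log (as a dict) from a flat list of findings."""
    rules, rule_index, results = [], {}, []
    for finding in findings:
        rule_id = finding["rule_id"]
        if rule_id not in rule_index:  # describe each rule once per run
            rule_index[rule_id] = len(rules)
            rules.append({"id": rule_id,
                          "shortDescription": {"text": finding["rule_name"]}})
        results.append({
            "ruleId": rule_id,
            "ruleIndex": rule_index[rule_id],
            "level": "error",
            "message": {"text": finding["message"]},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": repo_uri(finding["file"])},
                # Findings without a line number are pinned to line 1.
                "region": {"startLine": max(1, int(finding.get("line") or 1))},
            }}],
        })
    return {"$schema": SARIF_SCHEMA, "version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": tool_name, "rules": rules}},
                      "results": results}]}

if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE_FINDINGS), indent=2))
```
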
Please support SARIF output format so that it can be uploaded as part of GitHub Actions workflows for issues to go into the GitHub Security tab.
Relates to #125