You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
Added
draugr diff <base.sarif> <head.sarif> — compare two scans and classify every finding as new / fixed / unchanged, with a delta by severity and priority. The headline use case is a
PR's security impact vs its base branch. Adds a differential gate (--fail-on-new / --fail-on-new-priority) that fails a build only for findings the change introduces, not the
pre-existing backlog — so gating stays adoptable. Renders as console, markdown (a ready-made
MR comment), or json. Findings are matched line-insensitively, so carried-over findings that
merely moved lines aren't reported as fixed + new.
Two more draugr scan --format outputs.html renders a self-contained, browser-viewable
report (inline CSS, no assets) you can publish as a build artifact; junit emits JUnit XML so
CI systems (GitLab, Jenkins, Azure DevOps…) surface findings in their native test-results panel
— one <testsuite> per control, one failing <testcase> per finding. Both plug into the same
Reporter interface as console/markdown/json/sarif.