SARIF standardization #1175

Closed
Gby56 opened this issue May 12, 2022 · 7 comments

@Gby56

Gby56 commented May 12, 2022

Hello hello! 👋
I'm a maintainer on https://github.com/security-alert/security-alert with @azu and I just discovered your project!
I searched for SARIF and saw the early issues/PRs, and it seems that there was a path for SARIF in experimental...

Is there any chance that SARIF would be supported? I can start looking into it a bit, I would love to provide support for that even if security-alert already does that, but I think reviewdog has better commenting (exact line?) and interface.

@Gby56
Author

Gby56 commented May 12, 2022

I think I could simply request a semgrep reviewdog action?

@Gby56
Author

Gby56 commented May 12, 2022

Seems like https://github.com/g-wilson/action-semgrep already exists

@haya14busa
Member

Yes, SARIF support as input/output of reviewdog should be a great improvement.
An alternative option would be to create a tool to convert RDFormat <=> SARIF (#628).
I just do not have the chance/time to support it. Any contributions are welcome :)

I do not understand why action-semgrep is related to this issue.
Looks like it just manually formats results instead of consuming or converting SARIF data.
https://github.com/g-wilson/action-semgrep/blob/17b8bb7e7e42395cac39548fe732df3a816351bc/entrypoint.sh#L10-L13
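
The SARIF to RDFormat direction of the conversion suggested above, as an added example; it is not code from reviewdog or from anyone in this thread. It assumes SARIF 2.1.0 input and reviewdog's rdjson output, and `sarif_to_rdjson`, the `sarif` source name and the sample data are hypothetical.

```python
import json

# SARIF result.level -> rdjson severity; SARIF treats an absent level as "warning".
LEVEL_TO_SEVERITY = {"error": "ERROR", "warning": "WARNING", "note": "INFO", "none": "INFO"}

def sarif_to_rdjson(sarif: dict) -> dict:
    """Flatten all results of all SARIF runs into one rdjson DiagnosticResult."""
    diagnostics = []
    for run in sarif.get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        for result in run.get("results", []):
            level = result.get("level", "warning")
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                path = phys.get("artifactLocation", {}).get("uri")
                if not path:
                    continue  # nothing a review comment could attach to
                location = {"path": path}
                region = phys.get("region", {})
                if "startLine" in region:  # only the start position is mapped here
                    start = {"line": region["startLine"]}
                    if "startColumn" in region:
                        start["column"] = region["startColumn"]
                    location["range"] = {"start": start}
                diag = {
                    "message": result.get("message", {}).get("text", ""),
                    "location": location,
                    "severity": LEVEL_TO_SEVERITY.get(level, "UNKNOWN_SEVERITY"),
                    "source": {"name": tool},
                }
                if "ruleId" in result:
                    diag["code"] = {"value": result["ruleId"]}
                diagnostics.append(diag)
    return {"source": {"name": "sarif"}, "diagnostics": diagnostics}  # placeholder name

# Constructed sample: a located error, a result with no level or column, one with no location.
SAMPLE_SARIF = json.loads("""
{"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "example-scanner"}}, "results": [
  {"ruleId": "EX001", "level": "error", "message": {"text": "hardcoded secret"},
   "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/config.py"},
                  "region": {"startLine": 12, "startColumn": 5}}}]},
  {"ruleId": "EX002", "message": {"text": "weak hash"},
   "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/auth.py"},
                  "region": {"startLine": 40}}}]},
  {"ruleId": "EX003", "level": "note", "message": {"text": "project-wide finding"}}
]}]}
""")
if __name__ == "__main__":
    print(json.dumps(sarif_to_rdjson(SAMPLE_SARIF), indent=2))
```

Results without a file location are dropped because there is no line to attach a review comment to; a pipeline that gates on findings should count those separately rather than rely on the converted output alone.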

@jcook-uptycs

@Gby56 which PR did you find with SARIF support? I can't find it. Also, were you able to work on it?

@Ufkoku

Ufkoku commented May 17, 2023

I have found this action https://github.com/HollowMan6/sarif4reviewdog

UPD.
I took this plugin as a base and rewrote it to my needs. It was giving slightly awkward results with my tools. However, I managed to put SARIF reports in reviewdog)

@AlexOstrovsky

Any update on this?

@irgaly
Contributor

irgaly commented Oct 3, 2023

Reviewdog v0.15.0 supports SARIF now.

https://github.com/reviewdog/reviewdog/releases/tag/v0.15.0
