Incorporate SARIF option and update CI test and docs

xlab-steampunk · Mar 15, 2024 · 110afb5 · 110afb5
1 parent 6e7df32
commit 110afb5
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 0 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -62,3 +62,8 @@ jobs:
           paths: tests/playbook-no-errors.yml
           debug: true
         continue-on-error: true
+
+      - name: Run Ansible scan with SARIF output
+        uses: ./
+        with:
+          sarif_file: example.sarif
diff --git a/README.md b/README.md
@@ -60,6 +60,7 @@ The action accepts the following inputs:
 | `custom_policies_path`  | no       | /       | Path to the file or folder with custom OPA policies written in Rego Language (enterprise feature).                                                                                 |
 | `custom_policies_clear` | no       | /       | Clears OPA policies for custom Spotter checks after scanning (enterprise feature).                                                                                                 |
 | `debug`                 | no       | /       | Enable debug output.                                                                                                                                                               |
+| `sarif_file`            | no       | /       | Sets the name of the SARIF file and triggers the creation of the SARIF report.                                                                                                     |
 
 ### Outputs
 The action produces the following outputs:

diff --git a/action.yml b/action.yml
@@ -73,6 +73,9 @@ inputs:
   debug:
     description: "Enable debug output."
     required: false
+  sarif_file:
+    description: : "Sets the name of the SARIF file and triggers the creation of the SARIF report."
+    required: false
 outputs:
   output:
     description: "Output from scanning (from spotter scan CLI command)."
@@ -100,3 +103,4 @@ runs:
     - ${{ inputs.enforce_checks }}
     - ${{ inputs.custom_policies_path }}
     - ${{ inputs.custom_policies_clear }}
+    - ${{ inputs.sarif_file }}
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -21,6 +21,7 @@ skip_checks="${17}"
 enforce_checks="${18}"
 custom_policies_path="${19}"
 custom_policies_clear="${20}"
+sarif_file="${21}"
 
 # build global Spotter CLI command
 global_spotter_command="spotter --no-color"
@@ -122,6 +123,10 @@ buildScanCLICommand() {
     scan_command="$*"
   fi
 
+  if [ -n "$sarif_file" ]; then
+    scan_command="${scan_command} --sarif ${sarif_file}"
+  fi
+
   if [ -n "$paths" ]; then
     scan_command="${scan_command} $paths"
   fi