feature: add sarif output (GitHub Code Scan) #50
Conversation
|
Maybe it would also be nice to add the output of these Sarif things as an additional step to CI such that we can inspect them etc. :) |
yes, I was forced to it for debugging purposes. |
|
I also just realized I'm too fucking stupid to set up my flake checks properly, so I will definitely have to add a |
|
if you already have this PR tested somewhere together with your action, perhaps you can leave a link to it? |
blackheaven
force-pushed
the
gha/sarif-export
branch
from
730a720
to
e653d62
Compare
blackheaven
force-pushed
the
gha/sarif-export
branch
from
e653d62
to
75ced7b
Compare
I have reformatted the file
not yet |
blackheaven
force-pushed
the
gha/sarif-export
branch
from
75ced7b
to
9096068
Compare
blackheaven
force-pushed
the
gha/sarif-export
branch
from
9096068
to
33d3028
Compare
|
I have changed my GitHub Action: https://github.com/blackheaven/haskell-security-action/blob/master/action.yaml#L34 It works great: https://github.com/blackheaven/vulnerable-sandbox/actions/runs/10696473443 |
|
Nice! can you perhaps tell me how this would work then? i.e. where would I see the security report - I see there's some upload happening? |
|
(sorry, I'm new to this, I don't know how this github security / sarif thing works) |
|
I really like what you did wrt formatting, btw. I think we can merge today :) |
that explains it - I don't have access to this tab - I guess kinda understandable... :) |
|
|
|
thank you so much, huge improvement to the tool! |
No description provided.