Explore using sarif as output format #10
Comments
|
jo looks like a good tool to read a sarif template with and mutate based on findings. |
jbergstroem
added
type: feature
|
..or, just use upstream: hadolint/hadolint#704 <3 open source! |
|
Seeing how this issue is still to be completed I wanted to outline a bit how I see this playing out. PR's is probably not the best place to pick this up since they are not really reflecting the "state" of the repo (which the security view does) so I will expand on the documentation to show how you can scan a repo daily and pick up secrets. |
jbergstroem
added
area: ci
|
So, the plan here is to create a USAGE.md example on how to collect sarif outputs and push it to github and hopefully get a few more testers than me (it seems that I'm at least not the only user). If that works out well – meaning, it improves the overall experience of alerts from hadolint – we could change the default output in |
Sarif is a json format that provides a finer grained way of showing errors, warnings and so on. The issues found are also shown on the security page which might interest a fair amount of people.
Based on a JSON template there might be a not-so-painful way of having jq emit a sarif-friendly document that github can consume.
The text was updated successfully, but these errors were encountered: