SARIF upload task should produce output #755

hauleth · 2021-09-29T13:40:01Z

SARIF upload endpoint returns 2 values:

url
id

Having access to at least url would be really handy, as it would allow testing for the result of the analysis in projects that want to output that format for GitHub CodeQL analysis.

The text was updated successfully, but these errors were encountered:

adityasharad · 2021-09-30T16:41:42Z

Hi @hauleth. Could you tell me more about what you're trying to do? Would you want the URL to be an output field of the codeql-action/analyze or codeql-action/upload-sarif actions?

hauleth · 2021-09-30T17:33:03Z

I am working on formatter for Elixir projects that use Mix (aka almost all of them). I want to test whether the produced file contain all entries it should contain. Right now I am uploading the SARIF report "manually" via cURL

https://github.com/hauleth/mix_machine/blob/f5d2ee0fb98dd8c939671be1993badd41444cad6/.github/workflows/sarif.yml

However I would prefer to use official action for that, to make it clearer and also allows me to reuse it as an example of how to use the project.

codeql-action/analyze or codeql-action/upload-sarif actions

I should additionally use codeql-action/analyze when I am using codeql-action/upload-sarif? Documentation isn't clear whether that is the case (not that this really matter in my situation).

So in short - I want to fetch the generated report and check if it contains what it should contain via script in the repository.

This was referenced Jun 2, 2023

[Snyk] Security upgrade simple-git from 1.132.0 to 3.3.0 aliscco/codeql-action#444

Open

[Snyk] Security upgrade simple-git from 1.132.0 to 3.5.0 aliscco/codeql-action#445

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SARIF upload task should produce output #755

SARIF upload task should produce output #755

SARIF upload task should produce output #755

SARIF upload task should produce output #755

Comments