Integration with CI/CD and GitHub Code Scanning Results #193
Comments
That is a cool idea. Probably use Scorecard on all the dependencies of the codebase and upload it.
Can even just start with showing it for the repo itself (deps can come next). It won't block the CI, but just run on it. This GitHub token limit might be a pain.
For this, we need to export the results from the scorecard to
Reminder to myself: create a separate repo for the action, e.g.
Another reminder to myself: decide if we want our action to upload the SARIF or leave it to users to do, like in our current PoC https://github.com/ossf/scorecard/blob/main/.github/workflows/scorecard-analysis.yml#L44
@laurentsimon I think we can close this now?
Yes! |
https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/uploading-a-sarif-file-to-github
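The "leave the upload to users" variant discussed above, written out as an added example workflow. This is not the project's PoC workflow linked in the thread and not the later Scorecard action; it assumes the `scorecard` binary is already on the runner's PATH (the install step is omitted), that Scorecard reads the token from `GITHUB_AUTH_TOKEN`, and that the upload goes through `github/codeql-action/upload-sarif`. The scorecard step is allowed to fail so the scan never blocks CI, the SARIF is sanity-checked with `jq` before upload, and the job grants only the `security-events: write` permission the upload needs.

```yaml
# Added example workflow, not the project's own. Assumptions: scorecard is on PATH,
# it honours GITHUB_AUTH_TOKEN for API calls, and upload-sarif handles the upload.
name: Scorecard analysis

on:
  push:
    branches: [main]
  schedule:
    - cron: '0 6 * * 1'   # weekly re-scan, independent of pushes

# Least privilege at the workflow level; widen only where a job needs it.
permissions: read-all

jobs:
  scorecard:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # required for code scanning SARIF upload

    steps:
      - uses: actions/checkout@v4

      - name: Run Scorecard on this repository (SARIF output)
        id: scan
        # Do not fail the pipeline if Scorecard hits the API rate limit or errors out.
        continue-on-error: true
        env:
          # The default token is rate limited; a PAT secret could be substituted here.
          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          scorecard --repo="github.com/${GITHUB_REPOSITORY}" --format=sarif > results.sarif

      - name: Check the SARIF before uploading
        id: check
        # Refuse to upload an empty or malformed file; code scanning would reject it anyway.
        run: |
          if jq -e '.version and (.runs | length > 0)' results.sarif > /dev/null; then
            echo "valid=true" >> "$GITHUB_OUTPUT"
          else
            echo "SARIF missing or malformed; skipping upload"
            echo "valid=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Upload SARIF to GitHub code scanning
        if: steps.check.outputs.valid == 'true'
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
          category: scorecard   # keeps these alerts separate from other SARIF uploads
```

Results then appear under the repository's Security tab as code scanning alerts, while a failed or rate-limited scan only marks the scorecard step, not the run, as failed.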