Scan is a free and open-source DevSecOps tool for performing static-analysis-based security testing of your applications and their dependencies. CI and Git friendly.
Some users of Scan also have other tools that can output in JSON format. They would benefit from the automatic SARIF conversion performed by this tool.
The idea is that the user can dump all such JSON in the same reports directory. Then, by optionally passing a flag --convert-only, users can skip any new scans, forcing just a SARIF conversion.
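A sketch of what a conversion-only pass over a reports directory could look like, added here as an illustration and not taken from Scan's code base. The input schema (a JSON list of findings with `rule_id`, `message`, `file`, `line`, `severity`) and the function names are assumptions; real tools each need their own field mapping.

```python
import json
import tempfile
from pathlib import Path

# Assumed input schema (hypothetical, not Scan's): each *.json report is a list of
# {"rule_id", "message", "file", "line", "severity"} objects.
LEVELS = {"critical": "error", "high": "error", "medium": "warning", "low": "note"}

def finding_to_result(f):
    """Map one finding (assumed schema) to a SARIF 2.1.0 result object."""
    return {
        "ruleId": str(f["rule_id"]),
        "level": LEVELS.get(str(f.get("severity", "")).lower(), "warning"),
        "message": {"text": str(f["message"])},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": str(f["file"])},
            "region": {"startLine": max(int(f.get("line", 1)), 1)},
        }}],
    }

def convert_reports(reports_dir):
    """Convert every *.json in reports_dir to <name>.sarif; return (written, skipped)."""
    written, skipped = [], []
    for src in sorted(Path(reports_dir).glob("*.json")):
        try:
            findings = json.loads(src.read_text(encoding="utf-8"))
            results = [finding_to_result(f) for f in findings]
        except (ValueError, KeyError, TypeError):
            skipped.append(src.name)  # malformed JSON or unknown schema: leave it alone
            continue
        sarif = {
            "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
            "version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": src.stem}}, "results": results}],
        }
        dst = src.with_suffix(".sarif")
        dst.write_text(json.dumps(sarif, indent=2), encoding="utf-8")
        written.append(dst.name)
    return written, skipped

def demo():
    """Constructed sample reports: one valid, one malformed."""
    sample = [{"rule_id": "A1", "message": "hardcoded secret",
               "file": "app/config.py", "line": 12, "severity": "HIGH"}]
    with tempfile.TemporaryDirectory() as d:
        Path(d, "toolA.json").write_text(json.dumps(sample), encoding="utf-8")
        Path(d, "broken.json").write_text("{not json", encoding="utf-8")
        written, skipped = convert_reports(d)
        return written, skipped, json.loads(Path(d, "toolA.sarif").read_text())
```

Reports that fail to parse or do not match the assumed schema are listed as skipped and left untouched, so one bad file in the directory does not abort the whole conversion.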