anchore / ci-tools

Contains scripts for running anchore engine in CI pipelines
Apache License 2.0

SARIF report output #51

Closed jeff-cook closed 3 years ago

jeff-cook commented 3 years ago

The problem

The CI tools do not output a SARIF formatted report.

Environment

Running GitLab CI.

Details

I see the Anchore GitHub scan action has a SARIF formatted report output. Are there plans to add this to this project, so other CIs can get the same report?

Actual Behaviour

No SARIF report option.

Expected Behaviour

SARIF report option.

How do you reproduce the error?

Btodhunter commented 3 years ago

Hey @jeff-cook! We do not plan on adding functionality to the inline_scan as we're intending on replacing it with the new Grype and Syft tools that were just announced. You can find more information about those tools at https://toolbox.anchore.io

As Grype and Syft become more mature, we will be adding more examples & integrations with other CI tools. Keep your eye out for those integrations/examples to be coming in the not too distant future!