mercedes-benz / sechub

SecHub provides a central API to test software with different security tools.
https://mercedes-benz.github.io/sechub/
MIT License

SecHub Report in SARIF Format #369

Open Jeeppler opened 3 years ago

Jeeppler commented 3 years ago

Offer the ability for users to download a code scan in the Static Analysis Results Interchange Format (SARIF). This would allow users to use existing tools, such as the Sarif Viewer for Visual Studio Code, to view the report: https://marketplace.visualstudio.com/items?itemName=MS-SarifVSCode.sarif-viewer


Jeremias Eppler jeremias.eppler@daimler.com, Daimler TSS GmbH, imprint

Jeeppler commented 3 years ago

In addition, it would be possible to integrate SecHub into the GitHub Actions Pipeline: https://github.blog/2020-10-05-announcing-third-party-code-scanning-tools-static-analysis-and-developer-security-training/