Closed abyss638 closed 9 months ago
Implemented a new command sarif codeclimate to generate output for GitLab Code Quality report.
GitLab uses the Code Climate tool for static analysis, and a published report is shown in the Merge Request UI as a Code Quality report.
GitLab also provides a way to upload a report generated by a custom tool - see https://docs.gitlab.com/ee/ci/testing/code_quality.html#implement-a-custom-tool
Many SAST tools generate SARIF files, so to use them in GitLab they must be converted to Code Climate format, which is pretty simple:
```json
[
  {
    "description": "'unused' is assigned a value but never used.",
    "check_name": "no-unused-vars",
    "fingerprint": "7815696ecbf1c96e6894b779456d330e",
    "severity": "minor",
    "location": {
      "path": "lib/index.js",
      "lines": {
        "begin": 42
      }
    }
  }
]
```
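The conversion described above, sketched as an added example (not the code from this PR): it flattens SARIF results into the Code Climate fields shown in the sample report. The function name, the level-to-severity mapping, the SHA-256 fingerprint recipe and the sample SARIF input are all assumptions made for illustration.

```python
import hashlib

# Assumed mapping from SARIF result levels to Code Climate severities.
LEVEL_TO_SEVERITY = {"error": "major", "warning": "minor", "note": "info", "none": "info"}

# Constructed sample input: two results with a location, one without.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-linter"}},
        "results": [
            {"ruleId": "no-unused-vars", "level": "warning",
             "message": {"text": "'unused' is assigned a value but never used."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "lib/index.js"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "no-eval", "level": "error",
             "message": {"text": "eval can be harmful."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "lib/util.js"},
                 "region": {"startLine": 7}}}]},
            {"ruleId": "config-check", "message": {"text": "No location."}},
        ],
    }],
}


def sarif_to_codeclimate(sarif):
    """Flatten the results of every SARIF run into Code Climate issues."""
    issues = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            rule = result.get("ruleId", "unknown-rule")
            text = result.get("message", {}).get("text", "")
            # A result without a level is treated as "warning" here.
            severity = LEVEL_TO_SEVERITY.get(result.get("level", "warning"), "minor")
            # Only the first location is used; results with no file path are skipped.
            for loc in result.get("locations", [])[:1]:
                phys = loc.get("physicalLocation", {})
                path = phys.get("artifactLocation", {}).get("uri")
                if not path:
                    continue
                line = phys.get("region", {}).get("startLine", 1)
                # Deterministic fingerprint so repeated runs yield the same id.
                fp = hashlib.sha256(f"{rule}|{path}|{line}|{text}".encode()).hexdigest()
                issues.append({"description": text, "check_name": rule,
                               "fingerprint": fp, "severity": severity,
                               "location": {"path": path, "lines": {"begin": line}}})
    return issues
```

Because the line number is part of this fingerprint, a finding that moves within its file gets a new fingerprint and will be reported as a new issue.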
@balgillo thanks for the review! I fixed the types you found. I'd still need your approval on this PR in order to merge it (I enforced it in Settings before for this repo).