microsoft / sarif-tools

A set of Python command line tools for working with SARIF files produced by code analysis tools
MIT License
76 stars, 19 forks

Convert SARIF files to GitLab (Code Climate) format #26

Closed abyss638 closed 9 months ago

abyss638 commented 9 months ago

Implemented a new command `sarif codeclimate` to generate output for a GitLab Code Quality report.

GitLab uses the Code Climate tool for static analysis, and a published report is shown in the Merge Request UI as a Code Quality report.

GitLab also provides a way to upload a report generated by a custom tool; see https://docs.gitlab.com/ee/ci/testing/code_quality.html#implement-a-custom-tool

Many SAST tools generate SARIF files, so to use them in GitLab they must be converted to the Code Climate format, which is pretty simple:

```json
[
  {
    "description": "'unused' is assigned a value but never used.",
    "check_name": "no-unused-vars",
    "fingerprint": "7815696ecbf1c96e6894b779456d330e",
    "severity": "minor",
    "location": {
      "path": "lib/index.js",
      "lines": {
        "begin": 42
      }
    }
  }
]
```
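The conversion described in this PR, as an added example that is not the sarif-tools code nor the `sarif codeclimate` command itself: it walks the `runs[].results[]` of a SARIF 2.1.0 log and emits the Code Climate issue objects shown above. The SARIF field names (`ruleId`, `message.text`, `level`, `locations[].physicalLocation.artifactLocation.uri`, `region.startLine`) are standard SARIF; the level-to-severity table, the SHA-256 fingerprint and the fallback values for results without a location are this example's own choices, and the SARIF input is constructed here for the demonstration.

```python
import hashlib
import json
from typing import Any

# SARIF result level -> Code Climate severity. This table is an assumption of
# the example; GitLab accepts info, minor, major, critical and blocker.
LEVEL_TO_SEVERITY = {
    "error": "major",
    "warning": "minor",
    "note": "info",
    "none": "info",
}


def _primary_location(result: dict[str, Any]) -> tuple[str, int]:
    """Return (path, start line) of the first physical location in the result.

    Results with no physical location (e.g. whole-project findings) fall back
    to a placeholder path and line 1, because GitLab requires a location.
    """
    for loc in result.get("locations", []):
        phys = loc.get("physicalLocation", {})
        uri = phys.get("artifactLocation", {}).get("uri")
        if not uri:
            continue
        # SARIF URIs may carry a file:// scheme; GitLab wants a repo-relative path.
        uri = uri.removeprefix("file://")
        line = int(phys.get("region", {}).get("startLine", 1))
        return uri, line
    return "(no location)", 1


def _fingerprint(check_name: str, path: str, line: int, description: str) -> str:
    """Stable identity for a finding across pipeline runs.

    GitLab diffs the report against the target branch by fingerprint, so the
    hash must depend only on what identifies the finding, never on timestamps
    or run ids, otherwise every pipeline reports all findings as new.
    """
    material = "\0".join([check_name, path, str(line), description])
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def sarif_to_codeclimate(sarif: dict[str, Any]) -> list[dict[str, Any]]:
    """Convert a parsed SARIF log into a list of Code Climate issue objects."""
    issues: list[dict[str, Any]] = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            check_name = result.get("ruleId", "unknown-rule")
            description = result.get("message", {}).get("text", "")
            # SARIF treats a missing level as "warning" (simplified: rule-level
            # configuration overrides are not consulted here).
            level = result.get("level", "warning")
            path, line = _primary_location(result)
            issues.append(
                {
                    "description": description,
                    "check_name": check_name,
                    "fingerprint": _fingerprint(check_name, path, line, description),
                    "severity": LEVEL_TO_SEVERITY.get(level, "minor"),
                    "location": {"path": path, "lines": {"begin": line}},
                }
            )
    return issues


# Constructed SARIF input: two findings from a hypothetical scanner.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [
        {
            "tool": {"driver": {"name": "example-scanner"}},
            "results": [
                {
                    "ruleId": "no-unused-vars",
                    "level": "warning",
                    "message": {"text": "'unused' is assigned a value but never used."},
                    "locations": [
                        {
                            "physicalLocation": {
                                "artifactLocation": {"uri": "lib/index.js"},
                                "region": {"startLine": 42},
                            }
                        }
                    ],
                },
                {
                    "ruleId": "sql-injection",
                    "level": "error",
                    "message": {"text": "Unsanitized input flows into a SQL query."},
                    "locations": [
                        {
                            "physicalLocation": {
                                "artifactLocation": {"uri": "file://src/db.py"},
                                "region": {"startLine": 17},
                            }
                        }
                    ],
                },
            ],
        }
    ],
}


if __name__ == "__main__":
    print(json.dumps(sarif_to_codeclimate(SAMPLE_SARIF), indent=2))
```

Write the output to a file and publish it as the `codequality` report artifact of the CI job; GitLab will then show the findings in the Merge Request widget and, because the fingerprints are deterministic, only flag findings that are absent from the target branch as new.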
abyss638 commented 9 months ago

@balgillo thanks for the review! I fixed the types you found. I'd still need your approval on this PR in order to merge it (I enforced it in Settings for this repo before).