hadolint-sarif

version: 0.6.6
description: Convert hadolint output to SARIF
homepage: https://psastras.github.io/sarif-rs/
repository: https://github.com/psastras/sarif-rs
documentation: https://docs.rs/hadolint_sarif
author: Paul Sastrasinh (psastras)
crate id: 417737
size: 31,582
created_at: 2021-07-02 09:49:35.781397
updated_at: 2024-09-02 03:25:57.677474

README

hadolint-sarif

This crate provides a command line tool to convert hadolint diagnostic output into SARIF.

The latest documentation can be found at https://docs.rs/hadolint_sarif.

hadolint is a popular linter / static analysis tool for Dockerfiles. More information can be found on the official repository: https://github.com/hadolint/hadolint

SARIF, the Static Analysis Results Interchange Format, is an industry-standard format for the output of static analysis tools. More information can be found on the official website: https://sarifweb.azurewebsites.net/.

Installation

hadolint-sarif may be installed via cargo:

cargo install hadolint-sarif

via cargo-binstall:

cargo binstall hadolint-sarif

or downloaded directly from GitHub Releases:

# make sure to adjust the target and version (you may also want to pin to a specific version)
curl -sSL https://github.com/psastras/sarif-rs/releases/download/shellcheck-sarif-v0.6.6/hadolint-sarif-x86_64-unknown-linux-gnu -o hadolint-sarif

Fedora Linux

sudo dnf install <cli_name> # e.g. sudo dnf install hadolint-sarif

Nix

Through the nix cli,

nix --accept-flake-config profile install github:psastras/sarif-rs#hadolint-sarif

Usage

For most cases, simply run hadolint with JSON output and pipe the results into hadolint-sarif.

Example

hadolint -f json Dockerfile | hadolint-sarif
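To show what that pipeline actually produces, the following is an added, illustrative reference conversion written for this page; it is not the crate's own code and does not claim to match its output byte for byte. It parses a constructed sample of hadolint's JSON output (the `file`, `line`, `column`, `code`, `level` and `message` fields hadolint emits) and builds the minimal SARIF 2.1.0 document that GitHub Advanced Security accepts: one run, a tool driver with the rules that fired, and one result per finding carrying its rule id, level and physical location. The severity mapping (hadolint `info`/`style` to SARIF `note`) is this example's own choice.

```python
"""Illustrative hadolint-JSON -> SARIF conversion (added example, not the crate's code)."""
import json

# Constructed sample of `hadolint -f json Dockerfile` output; not captured from a real run.
SAMPLE_HADOLINT_JSON = json.dumps([
    {"file": "Dockerfile", "line": 1, "column": 1, "code": "DL3006",
     "level": "warning", "message": "Always tag the version of an image explicitly"},
    {"file": "Dockerfile", "line": 3, "column": 1, "code": "DL3002",
     "level": "warning", "message": "Last USER should not be root"},
    {"file": "Dockerfile", "line": 5, "column": 1, "code": "SC2086",
     "level": "info", "message": "Double quote to prevent globbing and word splitting"},
])

# hadolint severities -> SARIF result levels. SARIF has no "info" or "style"
# level, so both are reported as "note" (mapping chosen for this example).
LEVEL_MAP = {"error": "error", "warning": "warning", "info": "note", "style": "note"}


def hadolint_to_sarif(hadolint_json: str) -> dict:
    """Convert a hadolint JSON report (a list of findings) into a SARIF 2.1.0 log."""
    findings = json.loads(hadolint_json)
    rules = {}
    results = []
    for f in findings:
        rule_id = f["code"]
        # One rule entry per distinct rule id; hadolint's message is constant per rule,
        # so the first occurrence serves as the short description.
        rules.setdefault(rule_id, {"id": rule_id, "shortDescription": {"text": f["message"]}})
        results.append({
            "ruleId": rule_id,
            "level": LEVEL_MAP.get(f["level"], "none"),
            "message": {"text": f["message"]},
            "locations": [{
                "physicalLocation": {
                    # Relative path: GHAS maps it onto the repository checkout.
                    "artifactLocation": {"uri": f["file"]},
                    "region": {"startLine": f["line"], "startColumn": f["column"]},
                }
            }],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {
                "name": "hadolint",
                "informationUri": "https://github.com/hadolint/hadolint",
                "rules": list(rules.values()),
            }},
            "results": results,
        }],
    }


def count_by_level(sarif: dict) -> dict:
    """Tally results per SARIF level, e.g. to gate a CI job on errors only."""
    counts = {}
    for r in sarif["runs"][0]["results"]:
        counts[r["level"]] = counts.get(r["level"], 0) + 1
    return counts


if __name__ == "__main__":
    print(json.dumps(hadolint_to_sarif(SAMPLE_HADOLINT_JSON), indent=2))
```

Running the script prints the SARIF log for the three constructed findings; `count_by_level` reports two `warning` results and one `note`. The `artifactLocation.uri` is kept relative on purpose: GitHub resolves it against the repository root when rendering alerts, and absolute runner paths would not match any file in the repository.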

If you are using GitHub Actions, SARIF is useful for integrating with GitHub Advanced Security (GHAS), which can show code alerts in the "Security" tab of your repository.

After uploading hadolint-sarif output to GitHub, hadolint diagnostics are available in GHAS.

Example

on:
  workflow_run:
    workflows: ["main"]
    branches: [main]
    types: [completed]

name: sarif

jobs:
  upload-sarif:
    runs-on: ubuntu-latest
    if: ${{ github.ref == 'refs/heads/main' }}
    steps:
      - uses: actions/checkout@v2
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
      - uses: Swatinem/rust-cache@v1
      - run: cargo install hadolint-sarif sarif-fmt
      # hadolint itself is not part of the runner image; fetch the release binary
      - run: |
          sudo curl -sSL https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 -o /usr/local/bin/hadolint
          sudo chmod +x /usr/local/bin/hadolint
      # hadolint exits non-zero whenever it reports findings, and GitHub runs `run`
      # steps with `bash -eo pipefail`, so without continue-on-error the job would
      # stop here and the SARIF file would never be uploaded.
      - run: hadolint -f json Dockerfile | hadolint-sarif | tee results.sarif | sarif-fmt
        continue-on-error: true
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif

License: MIT

Commit count: 577
