shellcheck-sarif
| Crates.io | shellcheck-sarif |
| lib.rs | shellcheck-sarif |
| version | 0.6.6 |
| source | src |
| created_at | 2021-07-02 10:58:31.134395 |
| updated_at | 2024-09-02 03:26:05.585515 |
| description | Convert shellcheck output to SARIF |
| homepage | https://psastras.github.io/sarif-rs/ |
| repository | https://github.com/psastras/sarif-rs |
| max_upload_size | |
| id | 417758 |
| size | 31,958 |
Paul Sastrasinh (psastras)
documentation
README
shellcheck-sarif
This crate provides a command line tool to convert shellcheck diagnostic
output into SARIF.
The latest documentation can be found here.
shellcheck is a popular linter / static analysis tool for shell scripts. More information can be found on the official repository: https://github.com/koalaman/shellcheck
SARIF or the Static Analysis Results Interchange Format is an industry standard format for the output of static analysis tools. More information can be found on the official website: https://sarifweb.azurewebsites.net/.
Installation
shellcheck-sarif may be installed via cargo
cargo install shellcheck-sarif
via cargo-binstall
cargo binstall shellcheck-sarif
or downloaded directly from Github Releases
# make sure to adjust the target and version (you may also want to pin to a specific version)
curl -sSL https://github.com/psastras/sarif-rs/releases/download/shellcheck-sarif-v0.6.6/shellcheck-sarif-x86_64-unknown-linux-gnu -o shellcheck-sarif
Fedora Linux
sudo dnf install <cli_name> # ex. cargo binstall shellcheck-sarif
Nix
Through the nix cli,
nix --accept-flake-config profile install github:psastras/sarif-rs#shellcheck-sarif
Usage
For most cases, simply run shellcheck with json output and pipe the results
into shellcheck-sarif.
Example
shellcheck -f json shellscript.sh | shellcheck-sarif
If you are using Github Actions, SARIF is useful for integrating with Github Advanced Security (GHAS), which can show code alerts in the "Security" tab of your repository.
After uploading shellcheck-sarif output to Github, shellcheck diagnostics
are available in GHAS.
Example
on:
workflow_run:
workflows: ["main"]
branches: [main]
types: [completed]
name: sarif
jobs:
upload-sarif:
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/main' }}
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- uses: Swatinem/rust-cache@v1
- run: cargo install shellcheck-sarif sarif-fmt
- run: shellcheck -f json shellscript.sh | shellcheck-sarif | tee
results.sarif | sarif-fmt
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif
License: MIT