sast-scan
Let's do pull request scanning
Commercial folks are able to scan pull requests and add the results directly as a comment. Let's implement this feature entirely in actions without involving any server!
Instead of bloating the container, we can perhaps start with a new action for this feature.
Hi, check reviewdog. It should provide support for it.
On Saturday, 1/02/2020, 20:33, Prabhu Subramanian [email protected] wrote:
Commercial folks are able to scan pull requests and add the results directly as a comment. Let's implement this feature entirely in actions without involving any server!
Instead of bloating the container, we can perhaps start with a new action for this feature.
Thank you for the suggestion. Will investigate this. But tbh all the information to annotate is already available in a SARIF file so it should be possible to simply iterate through the results in this file and make GitHub API calls.
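The approach in the last comment, sketched as an added example (not sast-scan's own code): walk the results in a SARIF 2.1.0 file and build the annotation objects that a GitHub check run accepts. Using check-run annotations rather than review comments is an assumption, as are the function names; the SARIF sample is constructed, and the HTTP call itself is left out so the block runs offline.

```python
import json

# Constructed SARIF 2.1.0 sample, not real scanner output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{"results": [
        {"ruleId": "B105", "level": "error",
         "message": {"text": "Possible hardcoded password"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "app/settings.py"},
             "region": {"startLine": 12}}}]},
        {"ruleId": "B311",  # no "level": SARIF defaults to "warning"
         "message": {"text": "Weak random generator"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "app/token.py"},
             "region": {"startLine": 4, "endLine": 6}}}]},
        {"ruleId": "INFO1", "level": "note",
         "message": {"text": "Finding without a location"}},
    ]}],
})

# SARIF result level -> check-run annotation_level
LEVELS = {"error": "failure", "warning": "warning",
          "note": "notice", "none": "notice"}

def sarif_to_annotations(sarif_text):
    """Turn SARIF results into GitHub check-run annotation dicts."""
    annotations = []
    for run in json.loads(sarif_text).get("runs", []):
        for result in run.get("results", []):
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                start = phys.get("region", {}).get("startLine")
                if not uri or not start:
                    continue  # an annotation needs a file and a line
                annotations.append({
                    "path": uri,
                    "start_line": start,
                    "end_line": phys["region"].get("endLine", start),
                    "annotation_level": LEVELS.get(
                        result.get("level", "warning"), "warning"),
                    "title": result.get("ruleId", "finding"),
                    "message": result.get("message", {}).get("text", ""),
                })
    return annotations

def batches(annotations, size=50):
    """Split the list: the Checks API takes at most 50 annotations per request."""
    return [annotations[i:i + size] for i in range(0, len(annotations), size)]
```

Each batch would go in the `output.annotations` field of a check-run create or update request; results without a physical location are skipped here and would have to be reported in the check summary instead.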