
[Feature] Support Gitlab SAST report-type

Open danniehansen opened this issue 2 years ago • 2 comments

We've recently started using audit-ci in our pipelines. For the tool semgrep that we use, they can output a Gitlab SAST compatible reporting format that GitLab can understand and integrate into its UI. Would be really cool to have similar reporting support with audit-ci.

I'm more than willing to write this reporter support into the repository if people feel like this could be valuable.

Gitlab SAST reporting schema: https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/sast-report-format.json

danniehansen, Aug 05 '22 12:08

I don't know if it can help, but for that we are using a separate npm module, @elpete/gitlab-npm-audit-parser, after the audit.json report is generated.

Maybe it's possible to integrate the parser module directly into the audit-ci module?

doricci, Jan 23 '23 12:01

Hi @doricci, I have two ideas for this:

  1. I have a WIP PR #297 that attempts to vastly improve the programmatic usage of audit-ci. That way, you can use it as a library and pipe the result to any parser you want.
  2. With the improved programmatic usage of audit-ci, we could add it as a first-party output format.

quinnturner, Jan 23 '23 16:01
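For readers wanting to see what the conversion discussed in this thread (the original request, and the audit.json post-processing doricci describes) involves, here is an added example that is not code from audit-ci, @elpete/gitlab-npm-audit-parser, or any commenter. It maps an npm audit v7+ JSON report onto a GitLab SAST-style report object; the field names follow the schema linked in the first post, while the scanner id/name, the schema version string and the sample advisory are assumed or constructed values.

```javascript
// Map GitLab severity labels from npm audit's lowercase levels.
const SEVERITY_MAP = { critical: "Critical", high: "High", moderate: "Medium", low: "Low", info: "Info" };

// Convert an npm audit (auditReportVersion 2) object into a GitLab SAST-style report.
// scannerId/scannerName are assumed values; GitLab only requires them to be present.
function toGitlabSast(audit, scannerId = "npm-audit", scannerName = "npm audit") {
  const vulnerabilities = [];
  for (const [pkg, entry] of Object.entries(audit.vulnerabilities || {})) {
    // `via` mixes advisory objects (direct findings) with plain strings that only
    // point at another vulnerable package; only the objects carry advisory details.
    for (const adv of entry.via || []) {
      if (typeof adv !== "object" || adv === null) continue;
      const advisoryRef = String(adv.url || adv.source || adv.title);
      vulnerabilities.push({
        id: `${pkg}:${advisoryRef}`, // must be unique within one report
        category: "sast",
        name: adv.title,
        message: `${adv.name} ${adv.range}: ${adv.title}`,
        description: `${pkg} is affected via ${adv.name} (${adv.range}). Fix available: ${entry.fixAvailable ? "yes" : "no"}.`,
        severity: SEVERITY_MAP[adv.severity] || "Unknown",
        scanner: { id: scannerId, name: scannerName },
        // npm audit gives no source position; point at the lockfile so GitLab can render it.
        location: { file: "package-lock.json", start_line: 1 },
        identifiers: [{ type: "npm_advisory", name: `npm advisory ${advisoryRef}`, value: advisoryRef, url: adv.url }],
      });
    }
  }
  const now = new Date().toISOString().replace(/\.\d+Z$/, "");
  const tool = { id: scannerId, name: scannerName, version: "0.0.0", vendor: { name: "npm" } };
  return {
    version: "15.0.0", // assumed schema version; check the linked schema for the one GitLab expects
    vulnerabilities,
    scan: { analyzer: tool, scanner: tool, type: "sast", start_time: now, end_time: now, status: "success" },
  };
}

// Constructed sample in the shape npm audit v7+ emits; the advisory is a placeholder, not a real one.
const SAMPLE_AUDIT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-lib": {
      name: "example-lib", severity: "high", isDirect: false, range: "<1.2.3", fixAvailable: true,
      via: [{ source: 1001, name: "example-lib", title: "Constructed example advisory", severity: "high",
              range: "<1.2.3", url: "https://github.com/advisories/GHSA-xxxx-xxxx-xxxx" }],
    },
    "app-dep": { name: "app-dep", severity: "high", isDirect: true, range: "*", fixAvailable: true, via: ["example-lib"] },
  },
};

module.exports = { toGitlabSast, SAMPLE_AUDIT };
```

Running `toGitlabSast(SAMPLE_AUDIT)` yields one finding (the transitive string entry in `app-dep` is skipped) that can be written to a file and declared as a `sast` report artifact in the GitLab job.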