
Add GitHub code scanning alerts as source for the security warnings metric

Open fniessink opened this issue 3 years ago • 4 comments

Docs: https://docs.github.com/en/rest/reference/code-scanning

Note: GitHub uses the SARIF format. SARIF Python Object Model: https://github.com/microsoft/sarif-python-om

Also see this PyGitHub PR: https://github.com/PyGithub/PyGithub/pull/2063

fniessink avatar Sep 06 '21 14:09 fniessink
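The issue above asks for a security-warnings source that reads GitHub code scanning results, which GitHub stores as SARIF. The block below is an added example, not Quality-time's own collector code and not code from the GitHub API or PyGithub; it shows the part a source would have to get right when working from a SARIF log: resolving each result's level (explicit `level`, else the rule's `defaultConfiguration.level`, else the SARIF 2.1.0 default of `warning`, with non-`fail` kinds carrying no level), filtering on the levels the metric counts, and turning the survivors into countable entities with rule, path and line. The SARIF document is constructed inline for this example; the tool name and rule ids in it are made up.

```python
"""Count SARIF results by level, as a security-warnings source would (added example)."""
import json
from collections import Counter

# Constructed sample: a minimal SARIF 2.1.0 log with one tool run. Tool name and
# rule ids are invented for this example; nothing here came from a real scan.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "example-scanner",
            "rules": [
                # rule-level default: results for this rule are errors unless they say otherwise
                {"id": "py/sql-injection", "defaultConfiguration": {"level": "error"}},
                # no defaultConfiguration: SARIF 2.1.0 falls back to "warning"
                {"id": "py/unused-import"},
            ],
        }},
        "results": [
            {"ruleId": "py/sql-injection", "message": {"text": "Query built from tainted input"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                                 "region": {"startLine": 42}}}]},
            # explicit level overrides the rule default
            {"ruleId": "py/sql-injection", "level": "note", "message": {"text": "Sanitized query"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/report.py"},
                                                 "region": {"startLine": 7}}}]},
            {"ruleId": "py/unused-import", "message": {"text": "Unused import os"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/util.py"},
                                                 "region": {"startLine": 1}}}]},
            # kind "pass" is informational: it must not be counted as a warning
            {"ruleId": "py/unused-import", "kind": "pass", "message": {"text": "No issue"}},
        ],
    }],
})


def result_level(result, rules_by_id):
    """Resolve a result's level following SARIF 2.1.0 result.level defaulting rules."""
    if result.get("kind", "fail") != "fail":
        return "none"  # pass/open/review/... results are not findings
    if "level" in result:
        return result["level"]
    rule = rules_by_id.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")


def security_warnings(sarif_text, levels=("error", "warning")):
    """Return (count, entities) for all results whose resolved level is in `levels`."""
    log = json.loads(sarif_text)
    entities = []
    for run in log.get("runs", []):
        rules_by_id = {rule["id"]: rule
                       for rule in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for result in run.get("results", []):
            level = result_level(result, rules_by_id)
            if level not in levels:
                continue
            # first location only; SARIF allows several, a metric needs one to point at
            physical = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            entities.append({
                "rule": result.get("ruleId", "<no rule>"),
                "level": level,
                "message": result.get("message", {}).get("text", ""),
                "path": physical.get("artifactLocation", {}).get("uri", ""),
                "line": physical.get("region", {}).get("startLine"),
            })
    return len(entities), entities


def level_counts(entities):
    """Per-level breakdown, useful for a metric that weights errors above warnings."""
    return Counter(entity["level"] for entity in entities)


if __name__ == "__main__":
    count, found = security_warnings(SAMPLE_SARIF)
    print(count, dict(level_counts(found)))
    for entity in found:
        print(f'{entity["level"]:8} {entity["rule"]:18} {entity["path"]}:{entity["line"]}')
```

Note the two traps the sample exercises: a result with no `level` of its own inherits the rule's default (here `error`), and a `kind: pass` result for a rule that would otherwise count is dropped rather than reported as a warning. A source that only reads `result["level"]` would undercount the first and, depending on how it handles the missing key, miscount the second.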

Hi @fniessink, I see you are looking for a use case. I have one ;) A couple of months ago I developed an extension for Azure DevOps called Gitleaks to scan for secrets in git repositories in Azure DevOps. It would be great if Quality-time also supported imports for SARIF.

JoostVoskuil avatar Dec 11 '21 18:12 JoostVoskuil

@JoostVoskuil Nice. Are you actually using Quality-time?

fniessink avatar Dec 12 '21 21:12 fniessink

It's on my 2022 roadmap for VWS :)

JoostVoskuil avatar Dec 12 '21 21:12 JoostVoskuil

Sounds interesting. Let us know if/when you need support and how we can help!

fniessink avatar Dec 15 '21 16:12 fniessink