
SARIF upload task should produce output

Open hauleth opened this issue 4 years ago • 2 comments

SARIF upload endpoint returns 2 values:

  • url
  • id

Having access to at least the url would be really handy, as it would allow testing for the result of the analysis in projects that want to output that format for GitHub CodeQL analysis.

hauleth avatar Sep 29 '21 13:09 hauleth

Hi @hauleth. Could you tell me more about what you're trying to do? Would you want the URL to be an output field of the codeql-action/analyze or codeql-action/upload-sarif actions?

adityasharad avatar Sep 30 '21 16:09 adityasharad

I am working on a formatter for Elixir projects that use Mix (aka almost all of them). I want to test whether the produced file contains all the entries it should contain. Right now I am uploading the SARIF report "manually" via cURL:

https://github.com/hauleth/mix_machine/blob/f5d2ee0fb98dd8c939671be1993badd41444cad6/.github/workflows/sarif.yml

However, I would prefer to use the official action for that, to make it clearer and also to allow me to reuse it as an example of how to use the project.

> codeql-action/analyze or codeql-action/upload-sarif actions

Should I additionally use codeql-action/analyze when I am using codeql-action/upload-sarif? The documentation isn't clear on whether that is the case (not that this really matters in my situation).

So in short - I want to fetch the generated report and check if it contains what it should contain via a script in the repository.

hauleth avatar Sep 30 '21 17:09 hauleth
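The check hauleth describes (load the report a formatter generated and verify that the expected entries are present), as an added example that is not from the issue thread or from mix_machine; the SARIF document is constructed sample data and the rule ids, file paths and expected findings are assumptions:

```python
import json

# Constructed minimal SARIF 2.1.0 document standing in for the report a
# formatter would produce (sample data, not output of any real tool).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-formatter", "rules": [
            {"id": "unused-variable"}, {"id": "no-debug-call"}]}},
        "results": [
            {"ruleId": "unused-variable", "level": "warning",
             "message": {"text": "variable x is unused"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "lib/foo.ex"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "no-debug-call", "level": "error",
             "message": {"text": "IO.inspect left in code"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "lib/bar.ex"},
                 "region": {"startLine": 3}}}]},
        ]}]})


def sarif_findings(sarif_text):
    """Flatten a SARIF document into a set of (ruleId, uri, startLine) tuples.

    Results without a location still count, with uri and line set to None,
    so a rule that fired is never silently dropped from the comparison.
    """
    doc = json.loads(sarif_text)
    found = set()
    for run in doc.get("runs", []):
        for result in run.get("results", []):
            rule = result.get("ruleId")
            for loc in result.get("locations") or [{}]:
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                line = phys.get("region", {}).get("startLine")
                found.add((rule, uri, line))
    return found


def check_report(sarif_text, expected):
    """Return the expected findings missing from the report (empty set = pass)."""
    return set(expected) - sarif_findings(sarif_text)


if __name__ == "__main__":
    # Hypothetical expectations a repository test script would hard-code.
    missing = check_report(SAMPLE_SARIF, [("unused-variable", "lib/foo.ex", 12),
                                          ("no-debug-call", "lib/bar.ex", 3)])
    raise SystemExit(1 if missing else 0)
```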