frogbot
Produce SARIF report and exit
Is your feature request related to a problem? Please describe.
Creating a comment every time a commit is pushed to a PR is a non-starter for us. We would prefer to just upload the vulns to GHAS.
Describe the solution you'd like to see
The ability to tell Frogbot to scan for vulns on the filesystem, produce a SARIF report, and then exit would be preferable. This way we can interact with the vulnerabilities found by Frogbot in any way we wish.
This would allow folks to workaround issues like #158.
Describe alternatives you've considered
There doesn't seem to be any other way to get the SARIF data from Frogbot. We could use `jf xr` directly, but then we lose out on Frogbot's ability to automatically detect the dependencies in use.