CLI-04: Emit SARIF for code scanning
What it demonstrates
--format sarif produces a SARIF 2.1.0 log ready to upload to GitHub code scanning.
Builds on: CLI-03: Switch to JSON output
How it’s done
A terminal session: the command as you’d run it, followed by the output it prints; trailing comments note the exit status.
```
# same run as SARIF 2.1.0 for GitHub code scanning (no run summary)
markdown-contract validate ./decisions --contract decisions.contract.yaml --format sarif > results.sarif
# results.sarif:
{
  "version": "2.1.0",
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "markdown-contract",
          "rules": [
            { "id": "structure/section-missing" }
          ]
        }
      },
      "results": [
        {
          "ruleId": "structure/section-missing",
          "level": "error",
          "message": { "text": "required section ‘Decision’ is missing" },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": { "uri": "D-9001.md" },
                "region": { "startLine": 8 }
              }
            }
          ]
        }
      ]
    }
  ]
}
# SARIF level mapping: error→error, warn→warning, report→note; exit status: 1
```
Surfaces exercised
- --format sarif
- formatSarif (SARIF 2.1.0, driver.rules, physicalLocation.region.startLine)
- SARIF level mapping: error→error, warn→warning, report→note
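The shape of the log above is small enough to reproduce by hand, which is the best way to see what code scanning actually needs from it: a deduplicated driver.rules list, one result per finding with the severity mapped to a SARIF level, and a repo-relative artifact URI with a 1-based startLine. The following is an added example, not markdown-contract’s own formatSarif; the finding object layout (rule, severity, file, line, message), the function names and the sample findings are assumptions made for illustration. It rejects unknown severities and invalid line numbers instead of emitting a log that the upload step would reject.

```javascript
// Added example: builds a SARIF 2.1.0 log from validator findings.
// The input shape (`rule`, `severity`, `file`, `line`, `message`), the
// function names and SAMPLE_FINDINGS are assumptions for illustration,
// not markdown-contract's own API.

const SARIF_SCHEMA =
  'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json';

// Severity mapping stated on the page: error→error, warn→warning, report→note.
const LEVEL_MAP = { error: 'error', warn: 'warning', report: 'note' };

function toSarifLevel(severity) {
  const level = LEVEL_MAP[severity];
  if (level === undefined) {
    // Fail loudly: an unmapped severity would otherwise become an invalid SARIF level.
    throw new Error(`unknown severity: ${severity}`);
  }
  return level;
}

// Code scanning matches results to files by a repo-relative, forward-slash URI,
// so normalise Windows separators and strip a leading "./".
function toArtifactUri(file) {
  return file.replace(/\\/g, '/').replace(/^\.\//, '');
}

function toRegion(line) {
  if (!Number.isInteger(line) || line < 1) {
    // SARIF regions are 1-based; a 0 or missing line is a bug in the producer.
    throw new Error(`invalid startLine: ${line}`);
  }
  return { startLine: line };
}

function toSarif(findings, toolName = 'markdown-contract') {
  const ruleIds = new Set();
  const results = findings.map((f) => {
    ruleIds.add(f.rule);
    return {
      ruleId: f.rule,
      level: toSarifLevel(f.severity),
      message: { text: f.message },
      locations: [
        {
          physicalLocation: {
            artifactLocation: { uri: toArtifactUri(f.file) },
            region: toRegion(f.line),
          },
        },
      ],
    };
  });
  return {
    version: '2.1.0',
    $schema: SARIF_SCHEMA,
    runs: [
      {
        tool: {
          // driver.rules lists each rule once, however many results reference it.
          driver: { name: toolName, rules: [...ruleIds].map((id) => ({ id })) },
        },
        results,
      },
    ],
  };
}

// Constructed sample findings: the page's result plus two more to exercise
// rule deduplication and the other two severity mappings.
const SAMPLE_FINDINGS = [
  { rule: 'structure/section-missing', severity: 'error', file: './D-9001.md', line: 8,
    message: 'required section ‘Decision’ is missing' },
  { rule: 'structure/section-missing', severity: 'warn', file: 'decisions\\D-9002.md', line: 3,
    message: 'optional section ‘Consequences’ is missing' },
  { rule: 'style/heading-case', severity: 'report', file: './D-9003.md', line: 1,
    message: 'heading is not in title case' },
];

const SAMPLE_SARIF = toSarif(SAMPLE_FINDINGS);
console.log(JSON.stringify(SAMPLE_SARIF, null, 2));
```

Run it with node and redirect stdout to results.sarif; the output has the same skeleton as the page’s log, with two rule entries and three results. Keeping the severity map explicit (and throwing on anything outside it) is the part worth copying: a silent fallback to a default level is how a new severity in the validator quietly turns errors into notes in the code-scanning view.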