EMBED-AND-CI-08: Surface findings as code scanning

Producing --format sarif output and uploading it so findings annotate the exact line on a PR.

Builds on: EMBED-AND-CI-07: Parse JSON findings in a script

The declarative YAML artifact, verbatim — no code required.

- name: Validate to SARIF
  run: npx markdown-contract validate docs --format sarif > mc.sarif || true
- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: mc.sarif
# `|| true` keeps the upload running even when findings set exit 1

  • CLI --format sarif
  • formatSarif (SARIF 2.1.0, region.startLine from Finding.pos)
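
The `|| true` in the step above also hides a validator crash, which leaves an empty or partial mc.sarif for the upload step. The following is an added example, not part of markdown-contract or of this page's artifact: a check that could run between the two steps to confirm the log is SARIF 2.1.0 and that every result carries a file URI and a 1-based region.startLine. The name `checkSarif` and the sample log are constructed for illustration.

```javascript
// Added example, not markdown-contract code: structural check of a SARIF log
// before upload. Returns a list of problems; an empty list means upload-ready.
function checkSarif(text) {
  let log;
  try {
    log = JSON.parse(text);
  } catch (err) {
    // An empty or truncated mc.sarif lands here: the validator died before
    // writing output and `|| true` hid its exit code.
    return [`not valid JSON: ${err.message}`];
  }
  if (log === null || typeof log !== "object") return ["top level is not an object"];
  const problems = [];
  if (log.version !== "2.1.0") problems.push(`version is ${JSON.stringify(log.version)}, expected "2.1.0"`);
  if (!Array.isArray(log.runs) || log.runs.length === 0) return [...problems, "runs[] is missing or empty"];
  log.runs.forEach((run, r) => {
    if (typeof run?.tool?.driver?.name !== "string") problems.push(`runs[${r}]: missing tool.driver.name`);
    // An empty results[] is fine: the validator ran and found nothing.
    const results = Array.isArray(run?.results) ? run.results : [];
    results.forEach((res, i) => {
      const where = `runs[${r}].results[${i}]`;
      const loc = res?.locations?.[0]?.physicalLocation;
      if (typeof loc?.artifactLocation?.uri !== "string") problems.push(`${where}: no artifactLocation.uri`);
      // SARIF lines are 1-based; 0 or a missing value cannot be pinned to a PR line.
      const line = loc?.region?.startLine;
      if (!Number.isInteger(line) || line < 1) problems.push(`${where}: region.startLine must be an integer >= 1`);
    });
  });
  return problems;
}

// Constructed sample log (rule id, path and message are made up for the demo).
const SAMPLE = {
  version: "2.1.0",
  runs: [{
    tool: { driver: { name: "markdown-contract" } },
    results: [{
      ruleId: "example-rule",
      message: { text: "constructed finding" },
      locations: [{ physicalLocation: {
        artifactLocation: { uri: "docs/guide.md" }, region: { startLine: 12 } } }],
    }],
  }],
};

console.log(checkSarif(JSON.stringify(SAMPLE))); // well-formed log
console.log(checkSarif(""));                     // what a crashed run leaves behind
```

Failing the job when the returned list is non-empty keeps a broken validator run from being read as a clean scan.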