EMBED-AND-CI-08: Surface findings as code scanning
What it demonstrates
Producing --format sarif and uploading it so findings annotate the exact line on a PR.
Builds on: EMBED-AND-CI-07: Parse JSON findings in a script
How it’s done
The declarative YAML artifact, verbatim — no code required.
```yaml
- name: Validate to SARIF
  run: npx markdown-contract validate docs --format sarif > mc.sarif || true
- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: mc.sarif
# `|| true` keeps the upload running even when findings set exit 1
```
Surfaces exercised
CLI --format sarif
formatSarif (SARIF 2.1.0, region.startLine from Finding.pos)
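Because `|| true` swallows every non-zero exit, not only the exit 1 that findings set, a check between the two steps can confirm that mc.sarif is a usable SARIF 2.1.0 log before it is uploaded. This is an added example, not code from this page or from markdown-contract: `checkSarif` and the sample log are assumptions constructed for illustration, and the field names are those of the SARIF 2.1.0 schema.

```javascript
// Added example (not part of markdown-contract); checkSarif is a hypothetical helper.
function checkSarif(text) {
  let log;
  try {
    log = JSON.parse(text);
  } catch (err) {
    // An empty or truncated mc.sarif is what a crashed run leaves behind `|| true`.
    return { ok: false, results: 0, problems: ["not valid JSON: " + err.message] };
  }
  const problems = [];
  if (log === null || typeof log !== "object" || log.version !== "2.1.0") {
    problems.push("top-level version is not 2.1.0");
  }
  const runs = Array.isArray(log?.runs) ? log.runs : [];
  if (runs.length === 0) problems.push("runs[] is missing or empty");
  let results = 0;
  runs.forEach((run, r) => {
    const list = Array.isArray(run?.results) ? run.results : [];
    list.forEach((res, i) => {
      results += 1;
      const where = `runs[${r}].results[${i}]`;
      const phys = res?.locations?.[0]?.physicalLocation;
      if (typeof phys?.artifactLocation?.uri !== "string") {
        problems.push(`${where}: no artifactLocation.uri`);
      }
      // SARIF line numbers are 1-based; a line annotation needs a valid startLine.
      const line = phys?.region?.startLine;
      if (!Number.isInteger(line) || line < 1) {
        problems.push(`${where}: bad region.startLine ${JSON.stringify(line)}`);
      }
    });
  });
  return { ok: problems.length === 0, results, problems };
}
// Constructed sample log; the rule id, message and path are made up.
const SAMPLE_GOOD = JSON.stringify({
  version: "2.1.0",
  runs: [{
    results: [{
      ruleId: "constructed-rule", message: { text: "constructed finding" },
      locations: [{ physicalLocation: {
        artifactLocation: { uri: "docs/index.md" },
        region: { startLine: 12 },
      } }],
    }],
  }],
});
// Same log with a zero line number, which the check must reject.
const SAMPLE_BAD = SAMPLE_GOOD.replace('"startLine":12', '"startLine":0');
console.log(checkSarif(SAMPLE_GOOD), checkSarif(SAMPLE_BAD).problems);
```

In a workflow step, read mc.sarif, pass its text to `checkSarif`, and fail the job when `ok` is false so a broken log is not mistaken for a clean scan.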