Class: Zwischen::Reporter::Sarif

Inherits:
Object
Defined in:
lib/zwischen/reporter/sarif.rb

Overview

Renders findings as SARIF 2.1.0 for GitHub code scanning and other SARIF consumers (`zwischen scan --format sarif`). Each finding's severity is mapped to a SARIF result level and to GitHub's `security-severity` property, so that alerts land in the expected buckets in the code scanning UI.

Constant Summary

SCHEMA =
"https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json"
SEVERITY_LEVELS =
{
  "critical" => "error",
  "high" => "error",
  "medium" => "warning",
  "low" => "note",
  "info" => "note"
}.freeze
SECURITY_SEVERITY =

GitHub uses the `security-severity` rule property to bucket alerts: 9.0 and above is critical, 7.0 to 8.9 high, 4.0 to 6.9 medium, and below 4.0 low. Values are strings, following the format in GitHub's code scanning documentation.

{
  "critical" => "9.5",
  "high" => "8.0",
  "medium" => "5.0",
  "low" => "3.0",
  "info" => "1.0"
}.freeze

Constructor Details

#initialize(aggregated_results, project_root: Dir.pwd) ⇒ Sarif

Returns a new instance of Sarif.

# File 'lib/zwischen/reporter/sarif.rb', line 34

def initialize(aggregated_results, project_root: Dir.pwd)
  # aggregated_results is the merged scanner output; only its :findings are reported.
  @findings = aggregated_results[:findings]
  # project_root is the base against which finding paths are resolved.
  @project_root = project_root
end

Class Method Details

.report(aggregated_results, project_root: Dir.pwd) ⇒ Object

# File 'lib/zwischen/reporter/sarif.rb', line 30

def self.report(aggregated_results, project_root: Dir.pwd)
  new(aggregated_results, project_root: project_root).render
end

Instance Method Details

#render ⇒ Object

# File 'lib/zwischen/reporter/sarif.rb', line 39

def render
  # A SARIF document is a versioned log containing one or more runs; this
  # reporter emits a single run (tool metadata plus results).
  JSON.pretty_generate(
    "$schema" => SCHEMA,
    "version" => "2.1.0",
    "runs" => [run]
  )
end
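The `run` object that `render` embeds is not shown on this page. As an added example, not Zwischen's own code, the following self-contained Ruby script builds a minimal SARIF 2.1.0 document around the same two severity tables: it emits `level` on each result, `security-severity` on each rule, and an `artifactLocation` relative to the project root (GitHub resolves relative URIs against the repository checkout). The finding hash shape (`:rule_id`, `:message`, `:severity`, `:file`, `:line`), the sample findings and the project root are constructed for the example and are assumptions about nothing in the real project; the fallback to `warning`/`5.0` for unknown severities is a design choice here, chosen so a stray severity string never produces a `nil` level that a SARIF consumer would reject.

```ruby
require "json"
require "pathname"

# Added example: a minimal SARIF 2.1.0 builder mirroring the severity
# mapping documented above. Not Zwischen's implementation.
module SarifExample
  SCHEMA = "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json"
  SEVERITY_LEVELS = { "critical" => "error", "high" => "error",
                      "medium" => "warning", "low" => "note", "info" => "note" }.freeze
  SECURITY_SEVERITY = { "critical" => "9.5", "high" => "8.0",
                        "medium" => "5.0", "low" => "3.0", "info" => "1.0" }.freeze

  # Constructed sample findings (assumed hash shape, not real scan output).
  # The second uses mixed case, the third an unknown severity, on purpose.
  SAMPLE_FINDINGS = [
    { rule_id: "ZW001", message: "Hardcoded credential", severity: "critical",
      file: "/work/app/config/secrets.rb", line: 12 },
    { rule_id: "ZW002", message: "Unpinned dependency", severity: "Medium",
      file: "/work/app/Gemfile", line: 3 },
    { rule_id: "ZW003", message: "Verbose logging", severity: "unknown",
      file: "/work/app/lib/log.rb", line: 40 }
  ].freeze

  # Severity lookups are case-insensitive and never return nil: an unmapped
  # severity degrades to "warning"/"5.0" instead of an invalid document.
  def self.level_for(severity)
    SEVERITY_LEVELS.fetch(severity.to_s.downcase, "warning")
  end

  def self.security_severity_for(severity)
    SECURITY_SEVERITY.fetch(severity.to_s.downcase, "5.0")
  end

  # Paths inside project_root become forward-slash relative URIs, which is
  # what GitHub matches against the checkout. Paths outside the root are
  # kept as absolute file URIs rather than silently mangled into "../..".
  def self.relative_uri(path, project_root)
    rel = Pathname.new(path).relative_path_from(Pathname.new(project_root)).to_s
    rel.start_with?("..") ? "file://#{path}" : rel
  end

  # One rule per distinct rule_id; security-severity lives on the rule.
  def self.rules(findings)
    findings.map { |f| f[:rule_id] }.uniq.map do |id|
      first = findings.find { |f| f[:rule_id] == id }
      { "id" => id,
        "shortDescription" => { "text" => first[:message] },
        "properties" => { "security-severity" => security_severity_for(first[:severity]) } }
    end
  end

  def self.result(finding, rule_index, project_root)
    { "ruleId" => finding[:rule_id],
      "ruleIndex" => rule_index,
      "level" => level_for(finding[:severity]),
      "message" => { "text" => finding[:message] },
      "locations" => [{ "physicalLocation" => {
        # %SRCROOT% is the uriBaseId GitHub's documentation uses for the repo root.
        "artifactLocation" => { "uri" => relative_uri(finding[:file], project_root),
                                "uriBaseId" => "%SRCROOT%" },
        "region" => { "startLine" => finding[:line] } } }] }
  end

  def self.build(findings, project_root)
    rule_list = rules(findings)
    index = rule_list.each_with_index.to_h { |r, i| [r["id"], i] }
    { "$schema" => SCHEMA,
      "version" => "2.1.0",
      "runs" => [{
        "tool" => { "driver" => { "name" => "zwischen", "rules" => rule_list } },
        "results" => findings.map { |f| result(f, index[f[:rule_id]], project_root) }
      }] }
  end

  def self.render(findings = SAMPLE_FINDINGS, project_root: "/work/app")
    JSON.pretty_generate(build(findings, project_root))
  end
end

puts SarifExample.render if $PROGRAM_NAME == __FILE__
```

Running the script prints the document; the points worth checking in the output are that `ZW002` ends up as `warning` despite the capitalised input, that `ZW003` does not produce an empty `level`, and that the `uri` fields are repository-relative (`config/secrets.rb`, not `/work/app/config/secrets.rb`), since GitHub will not attach an alert to a path it cannot find in the checkout.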