Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added link to shellcheck-scan the GitHub Action 🤝 #3104

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Added link to shellcheck-scan the GitHub Action 🤝 #3104

wants to merge 2 commits into from

Conversation

reactive-firewall
Copy link

Update README.md

Added link to ShellCheck SARIF Analysis GitHub Action - A third-party OSS action that generates SARIF reports from ShellCheck analysis, enabling GitHub Advanced Security integration. Helps teams track shell script quality through GitHub's code scanning UI without additional configuration.

Additional details:

Marketplace link: ShellCheck SARIF Analysis
Release Notes: Latest Release Notes
Public Repository: shellcheck-scan

Contributor hereby acknowledges:

  • Contributions must be licensed under the GNU GPLv3.
    • The contributor retains the copyright.

@reactive-firewall
Added link to shellcheck-scan the GitHub Action
a9026b2 
**Update README.md**
Added link to `shellcheck-scan` the GitHub Action - A third-party OSS action that generates SARIF reports from ShellCheck analysis, enabling GitHub Advanced Security integration. Helps teams track shell script quality through GitHub's code scanning UI without additional configuration.

---

**acknowledged**

> Contributions must be licensed under the GNU GPLv3.
> The contributor retains the copyright.


signed-off-by: reactive-firewall <[email protected]>
@reactive-firewall
Copy link
Author

🙇 sorry I'm late to the topic

Additional relevant discussions found in:

  • resolves/contributes to Provide SARIF Output ? #2405

    • Those interested in a SOLID workaround for Provide SARIF Output ? #2405 may be interested in the MIT licensed tool used by ShellCheck SARIF Analysis that converts the output from shellcheck into valid SARIF directly. 🙊 Note however due to cc-left type licensing conflicts the tool will not be converted to Haskel for contributing to spellcheck anytime in the foreseeable future. 🤷 The project, does includes a re-released (explicitly stripped down) variant for the GPLv3 action written in python.

  • SUPERSEDES and resolves unmerged PR/MR Support for SARIF output format #2569 - also enhances with proper SARIF (including rules and documentation built dynamically from shellcheck's output)

    • No need for additional support by @koalaman as the GHA action leaves shellcheck's code untouched.

@reactive-firewall
Removed comment on the limitation on GHA linux-only due to recent imp…
9626d52 
…rovements

Due to recent changed the ShellCheck-scan action [ShellCheck SARIF Analysis](https://github.com/marketplace/actions/shellcheck-sarif-analysis) now supports automatic setup/install of latest shellcheck on macOS and even windows-latest runners via its use (in addition to it's invocation of the tool to generate a SARIF report of-course) but in short: no more limit to just linux only runners
@reactive-firewall
Copy link
Author

GHA Works on non-linux now 🎁

TL;DR 🤷🏻 So I went ahead and just added support for including the `ShellCheck SARIF Analysis` github action on any OS-latest runner. This both automates setup-of shellcheck and invoking and generating the SARIF report, however this means if users with they can include the action to automate the setup on non-linux runners and not give permissions to upload the SARIF report by limiting permissions (e.g. _not_ granting `security-event: write`) your milage may very.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@reactive-firewall