Fork of Dotnet Spider
Description
This repository is created only to demonstrate the use of Code Scanning Alerts. This is a public repository within Rokt.
Link to the original public repository: Dotnet Spider
This is a sample call to the code scanning API for uploading SARIF results to GitHub. In the command below, the following placeholders are substituted:
- commit_sha is replaced by the actual commit id.
- ref is replaced by the git reference, the output of the command git show-ref.
- sarif is replaced by the base64 value of the gzip'd "sarif results file".
```shell
curl \
  -X POST \
  -H "Accept: application/vnd.github.v3+json" \
  https://api.github.com/repos/octocat/hello-world/code-scanning/sarifs \
  -d '{"commit_sha":"commit_sha","ref":"ref","sarif":"sarif"}'
```
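As an added example (not the repository's own scripts/upload-sarif.sh), the script below carries the three substitutions described above through end to end: it gzips and base64-encodes a SARIF file, builds the JSON body with the commit id and git ref, and sends it with the same curl call. It assumes a GITHUB_TOKEN environment variable holding a token that has the security_events permission, an OWNER/REPO placeholder for the target repository, and a constructed minimal SARIF 2.1.0 document as sample input; the ref is taken from git symbolic-ref HEAD, which yields the full refs/heads/... name the API expects.

```shell
#!/bin/sh
# Added example, not the repository's upload-sarif.sh. Assumptions: GITHUB_TOKEN
# holds a token with the security_events permission; OWNER/REPO is a placeholder.
set -eu

# Encode a SARIF file the way the API expects: gzip it, then base64 it on one line.
encode_sarif() {
  gzip -c "$1" | base64 | tr -d '\n'
}

# Build the request body. Arguments: sarif file, commit sha, full git ref.
build_payload() {
  sarif_b64=$(encode_sarif "$1")
  printf '{"commit_sha":"%s","ref":"%s","sarif":"%s"}' "$2" "$3" "$sarif_b64"
}

# Reverse the encoding of a payload's sarif field, to check the round trip locally.
decode_sarif_field() {
  printf '%s' "$1" | sed 's/.*"sarif":"\([^"]*\)".*/\1/' | base64 -d | gzip -dc
}

# POST the body to the code-scanning API. Arguments: sarif file, commit sha, ref, owner/repo.
# The token is sent in an Authorization header and never embedded in the script.
upload_sarif() {
  body=$(build_payload "$1" "$2" "$3")
  curl -sS -X POST \
    -H "Accept: application/vnd.github.v3+json" \
    -H "Authorization: token ${GITHUB_TOKEN}" \
    "https://api.github.com/repos/$4/code-scanning/sarifs" \
    -d "$body"
}

# Constructed minimal SARIF 2.1.0 document used as sample input (no real findings).
SAMPLE_SARIF=$(mktemp)
cat > "$SAMPLE_SARIF" <<'EOF'
{"version":"2.1.0","$schema":"https://json.schemastore.org/sarif-2.1.0.json","runs":[{"tool":{"driver":{"name":"SecurityCodeScan"}},"results":[]}]}
EOF

if [ "${1:-}" = "--send" ]; then
  # Real upload: current commit and branch of the checkout, placeholder repository.
  upload_sarif "$SAMPLE_SARIF" "$(git rev-parse HEAD)" "$(git symbolic-ref HEAD)" "OWNER/REPO"
else
  # Dry run: print the body that would be sent, using a constructed all-zero commit id.
  build_payload "$SAMPLE_SARIF" "$(printf '%040d' 0)" "refs/heads/main"
  echo
fi
```

Run without arguments to inspect the body offline; run with --send inside a checkout, with GITHUB_TOKEN exported, to perform the upload. Keeping the token out of the script file is what lets the script be published, as the note about the removed authorization_token indicates.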
To find an example of the code-scanning API, go to scripts/upload-sarif.sh. Note that the authorization_token and other sensitive values are removed from the script.
Code Scanning Results
To see the Code scanning alerts, navigate to the Security tab and then Code Scanning Alerts. You will see alerts in the tab.
Note that these alerts are generated using the Security-Code-Scan stand-alone runner tool.
Permissions required
The security_events permission is required for either the personal access token or the GitHub App being used.