ROKT / dotnet-spider

Dummy repository for SARIF PoC


Fork of Dotnet Spider

Description

This repository is created only to demonstrate the use of Code Scanning Alerts. This is a public repository within Rokt.

Link to the original public repository: Dotnet Spider

This is a sample call to the code scanning API for uploading SARIF results to GitHub.

commit_sha will be replaced by the actual commit ID.

ref will be replaced by the git reference, as printed by the command git show-ref.

sarif will be replaced by the base64-encoded value of the gzip-compressed SARIF results file.

curl \
  -X POST \
  -H "Accept: application/vnd.github.v3+json" \
  -H "Authorization: token authorization_token" \
  https://api.github.com/repos/octocat/hello-world/code-scanning/sarifs \
  -d '{"commit_sha":"commit_sha","ref":"ref","sarif":"sarif"}'

To find a working example of the code scanning API call, see scripts/upload-sarif.sh. Note that the authorization_token and other sensitive values have been removed from the script.
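The following is an added example, not the repository's scripts/upload-sarif.sh: it shows how the three placeholders above are produced (gzip, then base64 on one line; a full 40-hex commit SHA; a git ref) and wraps the same curl call. It assumes gzip, base64 and curl are installed; GITHUB_TOKEN is a placeholder variable name, and the sample SARIF document is constructed here.

```shell
#!/bin/sh
# Added example, not the repository's scripts/upload-sarif.sh.
# Builds the body for POST /repos/{owner}/{repo}/code-scanning/sarifs:
# the SARIF file is gzip-compressed, then base64-encoded as a single line.
# Assumes gzip, base64 and curl; GITHUB_TOKEN is a placeholder variable name.

# gzip + base64 (one line, no wrapping), as the API's "sarif" field expects.
encode_sarif() {
  gzip -c "$1" | base64 | tr -d '\n'
}

# Inverse of encode_sarif: lets you verify a payload before uploading it.
decode_sarif() {
  printf '%s' "$1" | base64 -d | gzip -dc
}

# $1 = SARIF file, $2 = commit SHA (40 hex chars), $3 = ref (e.g. refs/heads/main)
# Prints the JSON body, or returns non-zero if the SHA is not a full 40-hex id.
build_payload() {
  case "$2" in
    *[!0-9a-f]*|"") echo "commit_sha must be lowercase hex" >&2; return 1 ;;
  esac
  [ "${#2}" -eq 40 ] || { echo "commit_sha must be 40 hex chars" >&2; return 1; }
  printf '{"commit_sha":"%s","ref":"%s","sarif":"%s"}' "$2" "$3" "$(encode_sarif "$1")"
}

# Sends the payload; the token needs the security_events permission.
# Not called in this script so it stays offline.
upload_sarif() {
  # $1 = owner/repo, $2 = SARIF file, $3 = commit SHA, $4 = ref
  curl -sS -X POST \
    -H "Accept: application/vnd.github.v3+json" \
    -H "Authorization: token $GITHUB_TOKEN" \
    "https://api.github.com/repos/$1/code-scanning/sarifs" \
    -d "$(build_payload "$2" "$3" "$4")"
}

# Writes a constructed, minimal SARIF 2.1.0 document and prints its path.
write_sample_sarif() {
  f="${TMPDIR:-/tmp}/sample-$$.sarif"
  printf '%s\n' '{"version":"2.1.0","runs":[{"tool":{"driver":{"name":"Security-Code-Scan"}},"results":[]}]}' > "$f"
  printf '%s' "$f"
}
```

Run decode_sarif on the "sarif" field of a generated payload to confirm it round-trips to the original file before spending an API call on it.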

Code Scanning Results

To see the code scanning alerts, navigate to the Security tab and then Code Scanning Alerts. The alerts are listed in that tab.

Note that these alerts are generated using the Security-Code-Scan stand-alone runner tool: Security-Code-Scan

Permissions required

The security_events permission is required on whichever personal access token or GitHub App is used.

License: MIT License