#sarif #clippy #cli

app clippy-sarif

Convert clippy output to SARIF

15 releases

new 0.2.17 Sep 15, 2021
0.2.15 Jul 6, 2021
0.2.8 Jun 29, 2021
0.1.2 Jun 24, 2021

#202 in Command line utilities

Download history 73/week @ 2021-06-20 134/week @ 2021-06-27 56/week @ 2021-07-04 1/week @ 2021-07-11 33/week @ 2021-07-18 22/week @ 2021-07-25 29/week @ 2021-08-01 14/week @ 2021-08-08 29/week @ 2021-08-15 7/week @ 2021-08-22 12/week @ 2021-08-29 8/week @ 2021-09-05 27/week @ 2021-09-12

140 downloads per month

MIT license

44KB
912 lines

Workflow Status

clippy-sarif

This crate provides a command line tool to convert cargo clippy diagnostic output into SARIF.

The latest documentation can be found here.

clippy is a popular linter / static analysis tool for rust. More information can be found on the official repository: https://github.com/rust-lang/rust-clippy

SARIF or the Static Analysis Results Interchange Format is an industry standard format for the output of static analysis tools. More information can be found on the official website: https://sarifweb.azurewebsites.net/.

Installation

clippy-sarif may be insalled via cargo

cargo install clippy-sarif

Usage

For most cases, simply run cargo clippy with json output and pipe the results into clippy-sarif.

Example

cargo clippy --message-format=json | clippy-sarif

If you are using Github Actions, SARIF is useful for integrating with Github Advanced Security (GHAS), which can show code alerts in the "Security" tab of your respository.

After uploading clippy-sarif output to Github, clippy diagnostics are available in GHAS.

Example

on:
  workflow_run:
    workflows: ["main"]
    branches: [main]
    types: [completed]

name: sarif

jobs:
  upload-sarif:
    runs-on: ubuntu-latest
    if: ${{ github.ref == 'refs/heads/main' }}
    steps:
      - uses: actions/checkout@v2
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
      - uses: Swatinem/rust-cache@v1
      - run: cargo install clippy-sarif
      - run:
          cargo clippy --all-targets --all-features --message-format=json |
          clippy-sarif > results.sarif
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif

License: MIT

Dependencies

~4.5MB
~85K SLoC