|
| 1 | +<div align="center"> |
| 2 | + |
| 3 | +# Composer Audit to SARIF Action |
| 4 | + |
| 5 | +[](https://github.com/typisttech/composer-audit-to-sarif-action/releases/latest) |
| 6 | +[](https://github.com/marketplace/actions/php-matrix) |
| 7 | +[](https://github.com/typisttech/composer-audit-to-sarif-action/actions/workflows/test.yml) |
| 8 | +[](https://github.com/typisttech/composer-audit-to-sarif-action/blob/master/LICENSE) |
| 9 | +[](https://x.com/tangrufus) |
| 10 | +[](https://bsky.app/profile/tangrufus.com) |
| 11 | +[](https://github.com/sponsors/tangrufus) |
| 12 | +[](https://typist.tech/contact/) |
| 13 | + |
| 14 | +<p> |
| 15 | + <strong> Convert Composer audit reports to SARIF files</strong> |
| 16 | + <br> |
| 17 | + <br> |
| 18 | + Built with ♥ by <a href="https://typist.tech/">Typist Tech</a> |
| 19 | +</p> |
| 20 | + |
| 21 | +</div> |
| 22 | + |
| 23 | +--- |
| 24 | + |
| 25 | +> [!TIP] |
| 26 | +> **Hire Tang Rufus!** |
| 27 | +> |
| 28 | +> I am looking for my next role, freelance or full-time. |
| 29 | +> If you find this tool useful, I can build you more dev tools like this. |
| 30 | +> Let's talk if you are hiring PHP / Ruby / Go developers. |
| 31 | +> |
| 32 | +> Contact me at https://typist.tech/contact/ |
| 33 | +
|
| 34 | +--- |
| 35 | + |
| 36 | +## Usage |
| 37 | + |
| 38 | +See [action.yml](action.yml) and the underlying script [`ComSARIF`](https://github.com/typisttech/comsarif/#options). |
| 39 | + |
| 40 | +```yaml |
| 41 | + - uses: typisttech/composer-audit-to-sarif-action@0 |
| 42 | + with: |
| 43 | + # Path to Path to audit JSON file |
| 44 | + # |
| 45 | + # Default: audit.json |
| 46 | + audit: some/path/to/audit.json |
| 47 | + |
| 48 | + # Path to composer.lock |
| 49 | + # |
| 50 | + # Default: composer.lock |
| 51 | + lock: some/path/to/composer.lock |
| 52 | + |
| 53 | + # Path to repository root |
| 54 | + # |
| 55 | + # Default: ${{ github.workspace }} |
| 56 | + root: some/path |
| 57 | + |
| 58 | + # ComSARIF version. |
| 59 | + # |
| 60 | + # The version of [ComSARIF] to use. Leave blank for latest. For example: v1.0.2 |
| 61 | + # |
| 62 | + # [ComSARIF]: https://github.com/typisttech/comsarif |
| 63 | + # |
| 64 | + # Default: '' |
| 65 | + version: v1.0.2 |
| 66 | + |
| 67 | + # Verify Attestation |
| 68 | + # |
| 69 | + # Whether to verify PHP matrix tarball attestation. |
| 70 | + |
| 71 | + # Github Token |
| 72 | + # |
| 73 | + # GitHub token to use for authentication |
| 74 | + # |
| 75 | + # Default: ${{ github.token }} |
| 76 | + github-token: ${{ secrets.GITHUB_PAT_TOKEN }} |
| 77 | +``` |
| 78 | +
|
| 79 | +### Outputs |
| 80 | +
|
| 81 | +| Key | Description | Example | |
| 82 | +| --- | --- | --- | |
| 83 | +| `sarif` | Path to the SARIF file | `/tmp/comsarif-123.sarif` | |
| 84 | + |
| 85 | +> [!TIP] |
| 86 | +> **Hire Tang Rufus!** |
| 87 | +> |
| 88 | +> There is no need to understand any of these quirks. |
| 89 | +> Let me handle them for you. |
| 90 | +> I am seeking my next job, freelance or full-time. |
| 91 | +> |
| 92 | +> If you are hiring PHP / Ruby / Go developers, |
| 93 | +> contact me at https://typist.tech/contact/ |
| 94 | + |
| 95 | +## Examples |
| 96 | + |
| 97 | +<details open> |
| 98 | + <summary>TODO</summary> |
| 99 | + |
| 100 | +```yaml |
| 101 | +TODO |
| 102 | +``` |
| 103 | +</details> |
| 104 | + |
| 105 | +## Credits |
| 106 | + |
| 107 | +[`Composer Audit to SARIF Action`](https://github.com/typisttech/composer-audit-to-sarif-action) is a [Typist Tech](https://typist.tech) project and |
| 108 | +maintained by [Tang Rufus](https://x.com/TangRufus), freelance developer [for hire](https://typist.tech/contact/). |
| 109 | + |
| 110 | +Full list of contributors can be found [on GitHub](https://github.com/typisttech/composer-audit-to-sarif-action/graphs/contributors). |
| 111 | + |
| 112 | +## Copyright and License |
| 113 | + |
| 114 | +This project is a [free software](https://www.gnu.org/philosophy/free-sw.en.html) distributed under the terms of |
| 115 | +the MIT license. For the full license, see [LICENSE](LICENSE). |
| 116 | + |
| 117 | +## Contribute |
| 118 | + |
| 119 | +Feedbacks / bug reports / pull requests are welcome. |
0 commit comments