haqimazhar/codeguru-security-reviewer
🚨 CodeGuru Security Reviewer 🚨

A GitHub Action that parses SARIF results generated by AWS CodeGuru Security and adds comments on specific lines of code in a pull request (PR) where issues were identified. 🎯

🚀 Overview

codeguru-security-reviewer is designed to streamline security feedback on pull requests by automatically commenting on changed lines where issues were detected by CodeGuru Security. This action ensures that only issues relevant to modified lines in a PR are displayed, helping developers focus on addressing actionable feedback without being overwhelmed.

⚠️ Note: GitHub comments can only be posted on changed lines in a PR. Therefore, some security issues identified by CodeGuru may not be commented on if they are not related to the modified lines in the PR. Additionally, scans are performed at the path level, so only issues from those paths will be included in comments.

🛠️ How It Works

  1. 🔍 SARIF Parsing: This action fetches the SARIF file generated by aws-actions/codeguru-security@v1 and processes it to extract relevant security findings.
  2. 💬 Commenting on Changed Lines: For each security issue detected on a changed line, it posts a comment on the PR. Only modified lines are commented on, providing a more focused review.
  3. ℹ️ Disclaimer: Results will only be posted if they match the lines changed in the pull request.
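The following is an added worked example (not the action's own code) of the filtering described in the steps above: it reads a SARIF document, works out which new-side line numbers a unified diff touched, and keeps only findings that land on those lines, shaping them as GitHub pull-request review comments. The SARIF document, the diff, the rule ids and the function names are all constructed for illustration and are assumptions, not values from this project.

```python
import re
from dataclasses import dataclass

# Matches a unified-diff hunk header such as "@@ -10,3 +10,5 @@ def handler(event):"
HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

# Constructed SARIF document (not real CodeGuru output); rule ids are placeholders.
SAMPLE_SARIF = {
    "runs": [{
        "results": [
            {   # on a line the PR added -> should be commented
                "ruleId": "example-rule/os-command-injection",
                "level": "error",
                "message": {"text": "Untrusted input reaches a shell command."},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "app/handler.py"},
                    "region": {"startLine": 12}}}],
            },
            {   # on an unchanged context line -> must be dropped
                "ruleId": "example-rule/logging-sensitive-data",
                "level": "warning",
                "message": {"text": "Request data may be logged."},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "app/handler.py"},
                    "region": {"startLine": 10}}}],
            },
            {   # in a file the PR did not touch -> must be dropped
                "ruleId": "example-rule/hardcoded-credential",
                "level": "error",
                "message": {"text": "Hard-coded credential."},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "./app/legacy.py"},
                    "region": {"startLine": 40}}}],
            },
        ]
    }]
}

# Constructed unified diff for the same PR; new-side lines 11-13 are additions.
SAMPLE_DIFF = "\n".join([
    "diff --git a/app/handler.py b/app/handler.py",
    "--- a/app/handler.py",
    "+++ b/app/handler.py",
    "@@ -10,3 +10,5 @@ def handler(event):",
    '     user = event["user"]',
    '-    cmd = "ls " + user',
    '+    cmd = "ls " + user',
    "+    out = subprocess.check_output(cmd, shell=True)",
    "+    log.info(out)",
    "     return cmd",
])


@dataclass
class Finding:
    rule_id: str
    level: str
    message: str
    path: str
    line: int


def changed_lines_from_diff(diff_text: str) -> dict[str, set[int]]:
    """Return {path: {new-side line numbers added by the diff}}."""
    changed: dict[str, set[int]] = {}
    path = None
    new_line = None
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git"):
            path, new_line = None, None          # new file section; reset state
        elif raw.startswith("+++ "):
            target = raw[4:].strip()
            path = None if target == "/dev/null" else target.removeprefix("b/")
        elif (m := HUNK_RE.match(raw)):
            new_line = int(m.group(3))           # first new-side line of the hunk
        elif path is None or new_line is None:
            continue                             # outside any hunk
        elif raw.startswith("+"):
            changed.setdefault(path, set()).add(new_line)
            new_line += 1
        elif raw.startswith("-") or raw.startswith("\\"):
            pass                                 # removed line or "\ No newline" marker
        else:
            new_line += 1                        # unchanged context line
    return changed


def parse_sarif_findings(sarif: dict) -> list[Finding]:
    """Flatten SARIF results into (rule, level, message, path, line) records."""
    findings = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                line = phys.get("region", {}).get("startLine")
                if uri is None or line is None:
                    continue
                findings.append(Finding(
                    rule_id=result.get("ruleId", "unknown"),
                    level=result.get("level", "warning"),
                    message=result.get("message", {}).get("text", ""),
                    path=uri.removeprefix("./"),   # normalise relative SARIF uris
                    line=int(line),
                ))
    return findings


def build_review_comments(sarif: dict, diff_text: str) -> list[dict]:
    """Keep only findings on added lines and shape them as PR review comments."""
    changed = changed_lines_from_diff(diff_text)
    comments = []
    for f in parse_sarif_findings(sarif):
        if f.line in changed.get(f.path, set()):
            comments.append({
                "path": f.path,
                "line": f.line,
                "side": "RIGHT",
                "body": f"**{f.rule_id}** ({f.level}): {f.message}",
            })
    return comments


if __name__ == "__main__":
    for c in build_review_comments(SAMPLE_SARIF, SAMPLE_DIFF):
        print(f"{c['path']}:{c['line']} {c['body']}")
```

Of the three findings in the sample, only the one on line 12 survives: line 10 is unchanged context and `app/legacy.py` is not in the diff, which is exactly the "only modified lines are commented on" behaviour the note above describes.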

⚙️ Inputs

| Input | Description | Required | Default |
|---|---|---|---|
| `token` | 🔑 GitHub token for authentication. | ✅ Yes | |
| `repository` | 📂 GitHub repository in `owner/repo` format. | ✅ Yes | |
| `pull_request_number` | 📝 Pull request number where comments will be added. | ✅ Yes | |
| `sarif_path` | 🛡️ Path to the SARIF file generated by CodeGuru Security. | ❌ No | `codeguru-security-results.sarif.json` |
| `initial_commit_sha` | 🧩 SHA of the initial commit in the pull request. | ✅ Yes | |

📝 Usage

In your GitHub workflow file, add this step to comment on the PR based on the SARIF scan results:

```yaml
- name: CodeGuru Security Reviewer
  uses: haqimazhar/codeguru-security-reviewer@v1
  with:
    token: ${{ secrets.GITHUB_TOKEN }}
    repository: ${{ github.repository }}
    pull_request_number: ${{ github.event.pull_request.number }}
    sarif_path: codeguru-security-results.sarif.json
    initial_commit_sha: ${{ github.event.pull_request.head.sha }}
```
