Add support for other formats than SARIF

[mpoberezhniy]

Type of issue

Feature Request

Description

Add support for converting SARIF reports to other formats. Or provide examples on how to use with other CI/CD tools and git hosting systems.

Describe the solution you'd like

Convert SARIF to other formats using sarif-tools
Supported formats:

• codeclimate - can be used in GitLab and GitHub, but generally is an open-source tool that could be used elsewhere
• csv
• txt
• html - can be used with other CI/CD tools outside VCS hosting platforms
• docx

Codeclimate json format is accepted by GitLab and adds Merge request notes similar to GitHub Pull request comments: notes example.

Consider supporting Gerrit API json format: review API reference. This can be composed from SARIF, but parsing it from codeclimate json format should be easier.

[jamacku]

Differential ShellCheck internally uses csdiff and csgrep, tools written by @kdudka and @lzaoral.

csdiff handles the differential part of scanning, and csgrep is used to produce various formats (e.g., JSON, SARIF, HTML, txt). Differential ShellCheck itself doesn't handle conversion, and I would like to avoid adding a dependency on sarif-tools.

We are already providing sarif output. You can use this output as input for sarif-tools.

I'm not entirely against adding sarif-tools integration, but they must first be packaged into Fedora.

[mpoberezhniy]

I agree. I think we should just provide an example of using sarif-tools to integrate differential-shellcheck executable with other platforms.

I am trying to add Gerrit Review API support to sarif-tools and will provide some examples in this issue.