Skip to content

Document SARIF output integration in README #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
tanmaykapadnis wants to merge 1 commit into from
Closed

Document SARIF output integration in README #36

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -390,3 +390,25 @@ For continuous monitoring, you can schedule regular scans of your projects using
./scripts/setup_cron.sh
```
The script will prompt you for the project path, desired scan frequency (daily, weekly, monthly), and a location to store the JSON reports. It will then output the command to add to your crontab, automating your security scanning and reporting process.

## SARIF Output Integration

PySpector supports exporting results in **SARIF (Static Analysis Results Interchange Format)** — a standardized JSON format used by modern security tools and CI/CD platforms.

### What is SARIF?

SARIF is a machine-readable format that allows static analysis tools to share findings across platforms like:

- GitHub Code Scanning
- Azure DevOps
- VS Code SARIF Viewer
- Security dashboards in CI/CD pipelines

---

### Generate a SARIF Report

To export results in SARIF format:

```bash
pyspector scan /path/to/project -o report.sarif -f sarif