4 changes: 4 additions & 0 deletions .diffscope.yml.example
Expand Up @@ -156,4 +156,8 @@ paths:
plugins:
eslint: true
semgrep: true
secret_scanner: true
supply_chain: true
rust_compile: true
duplicate_filter: true
sarif_reports: []
12 changes: 9 additions & 3 deletions README.md
Expand Up @@ -439,9 +439,15 @@ rule_priority:

# Built-in plugins (enabled by default)
plugins:
eslint: true # JavaScript/TypeScript linting
semgrep: true # Security-focused static analysis
duplicate_filter: true # Remove duplicate comments
eslint: true # JavaScript/TypeScript linting
semgrep: true # Security-focused static analysis
duplicate_filter: true # Remove duplicate comments
secret_scanner: true # Regex-based secret detection on added lines
supply_chain: true # Dependency manifest risk analysis
rust_compile: true # Rust compile-regression analysis
sarif_reports: # Optional SARIF/code-scanning reports, repo-local only
- codeql.sarif
- semgrep.sarif

# Global exclusions
exclude_patterns:
5 changes: 5 additions & 0 deletions src/config.rs
Expand Up @@ -771,6 +771,10 @@ pub struct PluginConfig {
/// Rust compile-regression analysis for high-confidence struct initializer removals.
#[serde(default = "default_true")]
pub rust_compile: bool,

/// SARIF/code-scanning report paths to ingest as analyzer evidence.
#[serde(default)]
pub sarif_reports: Vec<String>,
}

impl Default for PluginConfig {
Expand All @@ -782,6 +786,7 @@ impl Default for PluginConfig {
secret_scanner: true,
supply_chain: true,
rust_compile: true,
sarif_reports: Vec::new(),
}
}
}
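Review bot: The doc comment on `sarif_reports` in the first hunk omits the "repo-local only" restriction that the README change states, and the field is a bare `Vec<String>` with no validation visible in this section. These entries come from a config file and are later opened as files, so the constraint belongs at the field, for example `/// Repo-relative SARIF report paths; absolute paths and parent-directory components are rejected before reading.` Enforcement presumably lives in the new `sarif` module, which is not shown here. It is worth confirming that it canonicalizes each path, checks the result stays under the repository root (symlinks included), and bounds the size of the report it reads, since the config may be supplied by the change under review. `PluginConfig` begins above the first hunk, so any existing validation hook on the struct is outside this view.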
2 changes: 2 additions & 0 deletions src/plugins/builtin/mod.rs
Expand Up @@ -2,13 +2,15 @@ mod duplicate_filter;
mod eslint;
mod path_utils;
mod rust_compile;
mod sarif;
mod secret_scanner;
mod semgrep;
mod supply_chain;

pub use duplicate_filter::DuplicateFilter;
pub use eslint::EslintAnalyzer;
pub use rust_compile::RustCompileAnalyzer;
pub use sarif::SarifAnalyzer;
pub use secret_scanner::SecretScanner;
pub use semgrep::SemgrepAnalyzer;
pub use supply_chain::SupplyChainAnalyzer;