[WIP] Add sarif report option to zap-baseline #8005
Conversation
|
I'm not sure this is the right way to go about this. We intend to replace the packaged scans with Automation Framework functionality. To address the DCO requirement you'll need to sign-off the commit(s): |
thc202
changed the title
Would the move be into the new af action? Wondering if there was a known timeline / if we should be rolling our own dictions in the meantime to just leverage zap.sh running with AF configuration |
|
Ref #7659 |
|
@thc202 If the plan has been to move to AF then where is the path forward? I dont see any movement on the af-action repo and just want some improvement for the zap-baseline scans that some of us are using. If there is a desire to move away from the packaged scans can there be some official language added to the support docs to say that this is going to be deprecated and the maintainers have no interest in making updates to fix issues? |
|
We have been a bit busy recently 😁 |
|
@psiinon Are there any open issues that members of the community can assist with? I'd personally like to see this project continue to improve and would love to accelerate any of the dev thats keeping you guys bogged down. |
Part of the required work to officially support Code Scanning integration with
action-baselineOriginal Issue: zaproxy/action-baseline#63
Will require a change to the
action-baselineas well totouchthe right files (see PR here for that change)NOTE: hacked together to just get it to work so there are issues with
.jsonbeing added to the report name, etc. This PR is just to demonstrate where the changes should be made to add sarif support