Tip
Hire Tang Rufus!
I am looking for my next role, freelance or full-time. If you find this tool useful, I can build you more weird stuff like this. Let's talk if you are hiring PHP / Ruby / Go developers.
Contact me at https://typist.tech/contact/
Convert Composer audit reports to SARIF files, so that they can be uploaded to GitHub as code scanning alerts.
```
USAGE:
  comsarif [<flags>...] --audit <audit.json> --lock <composer.lock>

FLAGS:
  -audit string
        path to Composer audit JSON
  -lock string
        path to composer.lock
  -root string
        path to repository root. Default to current directory
  -v    Print version
  -version
        Print version

EXAMPLES:
  # Generate SARIF based on composer.lock
  $ composer audit --locked --format json > audit.json
  $ comsarif --audit audit.json --lock composer.lock

  # Generate SARIF based on installed packages
  $ composer install
  $ composer audit --format json > audit.json
  $ comsarif --audit audit.json --lock composer.lock
```

Refer to composer-audit-to-sarif-action.
Refer to Go Reference on pkg.go.dev.
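To show what the conversion above actually does with the two inputs, here is an added Python example (not comsarif's own code, which is Go) that turns a constructed `composer audit --format json` report plus a constructed `composer.lock` excerpt into a SARIF 2.1.0 log; the audit field names (`advisories`, `advisoryId`, `title`, `cve`, `link`) and the lock layout are assumed from Composer's JSON output, and the CVE id is a placeholder.

```python
"""Minimal Composer-audit-to-SARIF conversion (assumed formats, see lead-in)."""
import json

# Constructed sample of `composer audit --format json` output; the CVE id is a
# placeholder, and one advisory deliberately has no CVE to exercise the fallback.
AUDIT_JSON = """{"advisories": {"example/lib": [
  {"advisoryId": "PKSA-EXAMPLE-1", "packageName": "example/lib",
   "affectedVersions": "<2.0.0", "title": "Path traversal in loader",
   "cve": "CVE-0000-00001", "link": "https://example.invalid/adv/1"}],
 "example/unlocked": [
  {"advisoryId": "PKSA-EXAMPLE-2", "packageName": "example/unlocked",
   "affectedVersions": "*", "title": "Advisory without CVE id",
   "cve": null, "link": "https://example.invalid/adv/2"}]},
 "abandoned": {}}"""

# Constructed composer.lock excerpt: only example/lib is locked.
LOCK_JSON = """{"packages": [{"name": "example/lib", "version": "1.4.2"}]}"""


def convert(audit_json: str, lock_json: str, lock_path: str = "composer.lock") -> dict:
    """Build a SARIF 2.1.0 log with one result per advisory.

    Each result points at composer.lock (the file a reviewer would change) and
    names the locked version. A package that appears in the audit but not in
    the lock file is still reported, with version "?", so nothing is dropped.
    """
    audit = json.loads(audit_json)
    versions = {p["name"]: p["version"] for p in json.loads(lock_json).get("packages", [])}
    results = []
    for pkg, advisories in audit.get("advisories", {}).items():
        version = versions.get(pkg, "?")
        for adv in advisories:
            rule_id = adv.get("cve") or adv["advisoryId"]  # prefer the CVE id
            results.append({
                "ruleId": rule_id,
                "level": "error",
                "message": {"text": f"{pkg} {version}: {adv['title']} ({adv['link']})"},
                "locations": [{"physicalLocation": {"artifactLocation": {"uri": lock_path}}}],
            })
    results.sort(key=lambda r: r["ruleId"])  # stable output across runs
    return {"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "comsarif-example"}},
                                          "results": results}]}


if __name__ == "__main__":
    print(json.dumps(convert(AUDIT_JSON, LOCK_JSON), indent=2))
```

The printed document is the shape GitHub's code scanning upload accepts; the real tool additionally uses `--root` to express the lock file path relative to the repository.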
Tip
Hire Tang Rufus!
There is no need to understand any of these quirks. Let me handle them for you. I am seeking my next job, freelance or full-time.
If you are hiring PHP / Ruby / Go developers, contact me at https://typist.tech/contact/
```
brew install typisttech/tap/comsarif
```

```
go install github.com/typisttech/comsarif/cmd/comsarif@latest
```

Follow the instructions on https://broadcasts.cloudsmith.com/typisttech/oss
Package repository hosting is graciously provided by Cloudsmith. Cloudsmith is the only fully hosted, cloud-native, universal package management solution, that enables your organization to create, store and share packages in any format, to any place, with total confidence.
- Composer Audit to SARIF Action: Use ComSARIF in GitHub Actions
- PHP Matrix Action: Generate PHP version matrix according to composer.json for GitHub Actions
- WP Sec Adv: Composer repository for WordPress security advisories
- WP Org Closed Plugin: Composer plugin to mark packages as abandoned if closed on WordPress.org
ComSARIF is a Typist Tech project and maintained by Tang Rufus, freelance developer for hire.
Full list of contributors can be found here.
This project is free software distributed under the terms of the MIT license. For the full license, see LICENSE.
Feedback / bug reports / pull requests are welcome.