Expose output-file as an output when advanced-security: true #87
woodruffw merged 3 commits into zizmorcore:main from
Co-authored-by: Lachlan Kidson <lachlan.kidson@skyscanner.net>
Signed-off-by: William Woodruff <william@yossarian.net>
Signed-off-by: William Woodruff <william@yossarian.net>

Thanks @unlobito!

Hey @woodruffw, apologies for not getting this on Friday :( Was pulled in a few different directions and you got back to this before I had a chance to. Maybe a bit awkward given the org-level template but, is it worth adding a note here / to the No worries if you want to wait for some other changes, but I'd also really appreciate if you're able to publish this as a tagged release. Thanks for your help with this PR, and thanks again for your work on zizmor! 🙇

No worries at all @unlobito! Yeah, I think customizing the PR templates for this repo makes sense, and including a pointer to the self-tests would be ideal.
Yeah, I will most likely do this sometime today. Please give me a ping in the next day or so if I don't, I don't mind being nudged on it.

@woodruffw just giving you that nudge you requested 🫣, thanks again for this!

Thanks for the nudge, I've released 0.5.0 with this change!

Pre-submission checks
Please check these boxes:
Mandatory: This PR corresponds to an issue (if not, please create
one first).
I hereby disclose the use of an LLM or other AI coding assistant in the
creation of this PR. PRs will not be rejected for using AI tools, but
will be rejected for undisclosed use.
If a checkbox is not applicable, you can leave it unchecked.
Summary
Fixes #86.
Expose the sarif-file output from action.sh as an output to the overall action called output-file
Test Plan
Tested on a private repo to ensure:
output-file is a filepath to the expected scan results in SARIF format
advanced-security: false, the workflow still runs but output-file is an empty string