UNPKG

@security-alert/sarif-to-issue

Version:
89 lines 4.65 kB
import meow from "meow"; import { createIssueFromSarif } from "./index"; import fs from "fs"; export function run() { var cli = meow("\n Usage\n $ npx @security-alert/sarif-to-issue <sarif-file-path>\n \n Inputs\n <sarif-file-path> Path to sarif file path\n \n Options\n --dryRun Dry-Run when it is enabled\n --token [Required] GitHub Token, or support environment variables - GITHUB_TOKEN=xxx\n --owner [Required] Github repository owner for creating issue. e.g.) \"azu\"\n --repo [Required] Github repository name for creating issue. e.g.) \"security-alert\"\n --title [Required] GitHub issue title. e.g.) \"Security Notice\"\n --assignees Assignee user name of the issue. names are separated by ,(comma)\n --labels Label names of the issue. labels are separated by ,(comma) \n --sarifContentOwner [Required] GitHub Owner name of sarif content result. e.g. \"owner\"\n --sarifContentRepo [Required] GitHub Repository name of sarif content result. e.g. \"repo\"\n --sarifContentBranch [Required] GitHub Repository branch name of sarif content result. e.g. \"master\"\n --sarifContentSourceRoot Base path to sarif scanned source. You can set CodeQL's sourceLocationPrefix as relative value if necessary\n \n Examples\n # Create an issue to azu/codeql-scan-example from \"./test/fixtures/xss.sarif\" file\n $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-issue --title \"Example Issue\" --owner azu --repo codeql-scan-example --sarifContentOwner azu --sarifContentRepo codeql-scan-example --sarifContentBranch master ./test/fixtures/xss.sarif\n # Create an issue to azu/example-repo with \"security\" labels\n $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-issue output.sarif --title \"Example Issue\" --owner azu --repo codeql-scan-example --sarifContentOwner azu --sarifContentRepo codeql-scan-example --sarifContentBranch master ./test/fixtures/xss.sarif --labels \"security\" \n\n", { flags: { dryRun: { type: "boolean" }, token: { type: "string" }, title: { type: "string", isRequired: true }, owner: { type: "string", isRequired: true }, repo: { type: "string", isRequired: true }, assignees: { type: "string" }, labels: { type: "string" }, sarifContentOwner: { type: "string", isRequired: true }, sarifContentRepo: { type: "string", isRequired: true }, sarifContentBranch: { type: "string", isRequired: true }, sarifContentSourceRoot: { type: "string" } }, autoHelp: true, autoVersion: true }); var token = process.env.GITHUB_TOKEN || cli.flags.token; if (!token) { cli.showHelp(1); return; } var arrayOption = function (flags) { if (!flags) { return []; } return flags.split(",").map(function (flag) { return flag.trim(); }); }; var promises = cli.input.map(function (sarifFilePath) { var content = fs.readFileSync(sarifFilePath, "utf-8"); return createIssueFromSarif({ token: token, dryRun: cli.flags.dryRun, issue: { title: cli.flags.title, owner: cli.flags.owner, repo: cli.flags.repo, labels: arrayOption(cli.flags.labels), assignees: arrayOption(cli.flags.assignees) }, sarifContent: content, sarifContentOwner: cli.flags.sarifContentOwner, sarifContentBranch: cli.flags.sarifContentBranch, sarifContentRepo: cli.flags.sarifContentRepo, sarifContentSourceRoot: cli.flags.sarifContentSourceRoot }).then(function (result) { if (!result) { return ""; } return result.html_url; }); }); return Promise.all(promises).then(function (issuesURL) { return issuesURL.join("\n"); }); } //# sourceMappingURL=cli.js.map