{"id":13809741,"url":"https://github.com/advanced-security/codeql-sarif-security-standard-annotator","last_synced_at":"2025-04-28T17:30:46.045Z","repository":{"id":174270446,"uuid":"633136001","full_name":"advanced-security/codeql-sarif-security-standard-annotator","owner":"advanced-security","description":"Compare a CodeQL SARIF results file to a security standard CWE list and annotate the SARIF rules with a tag to highlight results applicable to the security standard","archived":false,"fork":false,"pushed_at":"2025-04-01T12:13:36.000Z","size":2176,"stargazers_count":8,"open_issues_count":16,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-01T13:22:34.197Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/advanced-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-26T21:26:20.000Z","updated_at":"2025-03-09T04:33:51.000Z","dependencies_parsed_at":"2024-04-19T23:30:53.735Z","dependency_job_id":"85d7680c-a7fc-46a5-8ef6-a344d1b5980c","html_url":"https://github.com/advanced-security/codeql-sarif-security-standard-annotator","commit_stats":null,"previous_names":["advanced-security/codeql-sarif-security-standard-annotator"],"tags_count":5,"template":false,"template_full_name":"actions/typescript-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fcodeql-sarif-security-standard-annotator","tags_ur
l":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fcodeql-sarif-security-standard-annotator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fcodeql-sarif-security-standard-annotator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fcodeql-sarif-security-standard-annotator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/advanced-security","download_url":"https://codeload.github.com/advanced-security/codeql-sarif-security-standard-annotator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251355239,"owners_count":21576320,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T02:00:35.340Z","updated_at":"2025-04-28T17:30:45.433Z","avatar_url":"https://github.com/advanced-security.png","language":"TypeScript","readme":"## CodeQL SARIF Security Standard Annotator\n\nCompare a CodeQL SARIF results file to a security standard CWE list and annotate the SARIF rules with a tag to highlight results applicable to the security standard\n\n- Defaults to a comparison against the OWASP Top 10 2021 CWE mapping taken from https://cwe.mitre.org/data/xml/views/1344.xml.zip\n- Any XML file can be provided as an alternative, with the option to provide an XPath query that identifies the CWE ID values to use in the comparison\n- Tag value is configurable\n\nThis supports the ability to filter the Security dashboards by `tag`\n\u003cimg width=\"783\" 
alt=\"filter the Security dashboards by tag\" src=\"https://github.com/advanced-security/codeql-sarif-security-standard-annotator/assets/1760475/ca1b5519-2a9c-4f03-8dca-4f03bc6fbc05\"\u003e\n\u003cbr/\u003e\u003cbr/\u003e\nIt also displays this information alongside the Code scanning alert\n\u003cimg width=\"614\" alt=\"displaying this information alongside the Code scanning alert\" src=\"https://github.com/advanced-security/codeql-sarif-security-standard-annotator/assets/1760475/30b1c71a-8ee0-4c49-acbf-2161df7c7582\"\u003e\n\n## Usage in GitHub Actions\n\n```yaml\n- name: Perform CodeQL Analysis\n  uses: github/codeql-action/analyze@v2\n  with:\n    upload: false\n    output: sarif-results\n\n- name: Annotate CodeQL SARIF with OWASP Top 10 2021 tag\n  uses: advanced-security/codeql-sarif-security-standard-annotator@v1\n  with:\n    sarifFile: sarif-results/${{matrix.language}}.sarif\n\n- name: Upload SARIF\n  uses: github/codeql-action/upload-sarif@v2\n  with:\n    sarif_file: sarif-results/${{matrix.language}}.sarif\n```\n\n```yaml\ninputs:\n  sarifFile:\n    required: true\n    description: 'The CodeQL SARIF result file'\n  cweFile:\n    required: false\n    description: 'The CWE list XML file, defaults to OWASP Top 10 2021'\n  cweIdXpath:\n    required: false\n    description: 'The XPath query that selects CWE ID numbers from the CWE list file'\n  securityStandardTag:\n    required: false\n    description: 'The security standard tag to add to the SARIF file, defaults to \"owasp-top10-2021\"'\n  outputFile:\n    required: false\n    description: 'The output SARIF file path, defaults to the input SARIF file path'\n```\n\n## Dev requirements\n\nThe repo includes a Node.js devcontainer [configuration](.devcontainer/devcontainer.json) which should be used for development. See [CONTRIBUTING](CONTRIBUTING.md).\n\n## License\n\nThis project is licensed under the terms of the MIT open source license. 
Please refer to [MIT](./LICENSE.txt) for the full terms.\n\n## Maintainers\n\nSee [CODEOWNERS](CODEOWNERS)\n\n## Support\n\nSee [SUPPORT](SUPPORT.md)\n\n## Acknowledgement\n\n@aegilops for the inspiration\n","funding_links":[],"categories":["CodeQL Actions Helpers"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadvanced-security%2Fcodeql-sarif-security-standard-annotator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadvanced-security%2Fcodeql-sarif-security-standard-annotator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadvanced-security%2Fcodeql-sarif-security-standard-annotator/lists"}