{"id":45522962,"url":"https://github.com/falc0ntech/sarifcourier","last_synced_at":"2026-04-18T09:05:44.798Z","repository":{"id":294498695,"uuid":"906302663","full_name":"falc0nTech/SARIFCourier","owner":"falc0nTech","description":"A GitHub Action to render SARIF Security Reports right into your Pull Requests. Without the need for GHAS support!","archived":false,"fork":false,"pushed_at":"2026-04-12T10:41:07.000Z","size":494,"stargazers_count":3,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-17T00:13:03.997Z","etag":null,"topics":["cli","github-actions","sarif","security"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/falc0nTech.png","metadata":{"files":{"readme":"README-action.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-12-20T15:42:33.000Z","updated_at":"2026-02-22T21:30:59.000Z","dependencies_parsed_at":"2025-09-17T06:03:01.448Z","dependency_job_id":"9915d2be-f3f5-4145-bb84-28f009891f4c","html_url":"https://github.com/falc0nTech/SARIFCourier","commit_stats":null,"previous_names":["abdullah-schahin/sarifcourier","security-falcon/sarifcourier","falc0ntech/sarifcourier"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/falc0nTech/SARIFCourier","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/falc0nTech%2FSARIFCourier","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/falc0nTech%2FSARIFCourier/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/falc0nTech%2FSARIFCourier/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/falc0nTech%2FSARIFCourier/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/falc0nTech","download_url":"https://codeload.github.com/falc0nTech/SARIFCourier/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/falc0nTech%2FSARIFCourier/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31962892,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-18T00:39:45.007Z","status":"online","status_checked_at":"2026-04-18T02:00:07.018Z","response_time":103,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","github-actions","sarif","security"],"created_at":"2026-02-22T23:20:41.063Z","updated_at":"2026-04-18T09:05:44.793Z","avatar_url":"https://github.com/falc0nTech.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch4 align=\"center\"\u003e\n  \u003cimg src=\"banner-nob.png\" alt=\"SARIF Courier Logo\" width=\"1000\" /\u003e\n\u003c/h4\u003e\n\n**Render SARIF Security Reports directly in your Pull Requests – no GitHub Advanced Security (GHAS) required!**\n\n## ✨ What is SARIF Courier?\n\nSARIF Courier is a GitHub Action that takes a SARIF (Static Analysis Results Interchange Format) report and posts a beautifully formatted summary as a comment on your Pull Requests. This enables you to surface security and static analysis findings in your PR workflow, even if you do not have access to GitHub Advanced Security (GHAS).\n\n- **No GHAS required:** Works for all repositories, public or private.\n- **Instant feedback:** See security and code analysis results right in your PRs.\n- **Easy integration:** Just drop the action in your workflow and point it to your SARIF file.\n\n## 💡 Why SARIF Courier?\n\n- **Universal:** Works with any SARIF-compliant tool (CodeQL, Semgrep, ESLint, etc).\n- **No vendor lock-in:** No need for GHAS or paid features.\n- **Fast feedback:** Developers see issues before merging.\n\n## 🚦 Usage\n\n### 🔑 Required Environment Variables \u0026 Permissions\n\n- **GITHUB_TOKEN**: Provided automatically by GitHub Actions. Used to post comments on PRs.\n  - **Permissions required:**\n    - `contents: write` (to create/update comments)\n    - `pull-requests: write` (recommended for private repos)\n\nNo additional secrets or configuration are needed.\n\n\u003e [!NOTE]\n\u003e SARIF Courier automatically uses environment variables provided by GitHub Actions for repository name, pull request number, and ref name. You do not need to set these manually—only `GITHUB_TOKEN` is required for posting comments. See the [GitHub Actions documentation](https://docs.github.com/en/actions/learn-github-actions/environment-variables) for more details.\n\n### 📝 Inputs\n\n| Name        | Description                        | Required | Default         |\n|-------------|------------------------------------|----------|-----------------|\n| sarif_file  | Path to the SARIF file to process. |   Yes    | results.sarif   |\n\n\n### Integration\nAdd the following step to your workflow after generating a SARIF report:\n\n```yaml\n- name: Render SARIF in PR\n  uses: Security-Falcon/SARIFCourier@v1\n  with:\n    sarif_file: path/to/your-report.sarif\n```\n\n### Output on PR\n![image](https://github.com/user-attachments/assets/395920ca-f6e8-4ff1-9ccf-bb4dfda51ce1)\n\n### Example Workflow\n\n```yaml\nname: Static Analysis\non:\n  pull_request:\n    branches: [main]\n\npermissions:\n  contents: write\n  pull-requests: write\n\njobs:\n  scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - name: Run your static analysis tool\n        run: |\n          # ...run your tool, output SARIF to results.sarif...\n          # ...assuming exit code 1\n      - name: Render SARIF in PR\n        if: failure()\n        uses: Security-Falcon/SARIFCourier@v1\n        with:\n          sarif_file: results.sarif\n```\n\n---\n\n## 🛠️ License\n\nMIT License. See [LICENSE](./LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffalc0ntech%2Fsarifcourier","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffalc0ntech%2Fsarifcourier","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffalc0ntech%2Fsarifcourier/lists"}