{"id":13552128,"url":"https://github.com/redhat-plumbers-in-action/differential-shellcheck","last_synced_at":"2025-04-04T12:07:11.847Z","repository":{"id":38821671,"uuid":"432240469","full_name":"redhat-plumbers-in-action/differential-shellcheck","owner":"redhat-plumbers-in-action","description":"🐚 GitHub Action for running ShellCheck differentially","archived":false,"fork":false,"pushed_at":"2025-03-24T13:20:37.000Z","size":1950,"stargazers_count":59,"open_issues_count":17,"forks_count":10,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-29T08:38:38.021Z","etag":null,"topics":["bash","differential-scans","docker","full-scans","github-action","linter","sarif","sast","shell","shellcheck","shellcheck-action"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/redhat-plumbers-in-action.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"docs/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"docs/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-26T16:30:25.000Z","updated_at":"2025-03-24T13:20:34.000Z","dependencies_parsed_at":"2023-11-09T13:40:29.068Z","dependency_job_id":"5c35115b-57e7-4762-8f6c-10884408ce29","html_url":"https://github.com/redhat-plumbers-in-action/differential-shellcheck","commit_stats":{"total_commits":491,"total_committers":10,"mean_commits":49.1,"dds":"0.38900203665987776","last_synced_commit":"2e8efb3df7e4473e9f9847f607a059698dd270c0"},"previous_names":[],"tags_count":56,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-plumbers-in-action%2Fdifferential-shellcheck","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-plumbers-in-action%2Fdifferential-shellcheck/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-plumbers-in-action%2Fdifferential-shellcheck/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-plumbers-in-action%2Fdifferential-shellcheck/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/redhat-plumbers-in-action","download_url":"https://codeload.github.com/redhat-plumbers-in-action/differential-shellcheck/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247157275,"owners_count":20893219,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","differential-scans","docker","full-scans","github-action","linter","sarif","sast","shell","shellcheck","shellcheck-action"],"created_at":"2024-08-01T12:01:59.329Z","updated_at":"2025-04-04T12:07:11.831Z","avatar_url":"https://github.com/redhat-plumbers-in-action.png","language":"Shell","funding_links":[],"categories":["Shell","shell"],"sub_categories":[],"readme":"\u003c!-- markdownlint-disable MD033 MD041 --\u003e\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/redhat-plumbers-in-action/team/blob/70f67465cc46e02febb16aaa1cace2ceb82e6e5c/members/green-plumber.png\" width=\"100\" alt=\"Differential ShellCheck\" /\u003e\n  \u003ch1 align=\"center\"\u003eDifferential ShellCheck\u003c/h1\u003e\n\u003c/p\u003e\n\n[![GitHub Marketplace][market-status]][market] [![Lint Code Base][linter-status]][linter] [![Unit Tests][test-status]][test]\n\n![OSSF-Scorecard Score][scorecard-status] [![OpenSSF Best Practices][best-practices-status]][best-practices] [![codecov][codecov-status]][codecov]\n\n\u003c!-- Status links --\u003e\n\n[market]: https://github.com/marketplace/actions/differential-shellcheck\n[market-status]: https://img.shields.io/badge/Marketplace-Differential%20Shellcheck-blue.svg?colorA=24292e\u0026colorB=0366d6\u0026style=flat\u0026longCache=true\u0026logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAM6wAADOsB5dZE0gAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAAERSURBVCiRhZG/SsMxFEZPfsVJ61jbxaF0cRQRcRJ9hlYn30IHN/+9iquDCOIsblIrOjqKgy5aKoJQj4O3EEtbPwhJbr6Te28CmdSKeqzeqr0YbfVIrTBKakvtOl5dtTkK+v4HfA9PEyBFCY9AGVgCBLaBp1jPAyfAJ/AAdIEG0dNAiyP7+K1qIfMdonZic6+WJoBJvQlvuwDqcXadUuqPA1NKAlexbRTAIMvMOCjTbMwl1LtI/6KWJ5Q6rT6Ht1MA58AX8Apcqqt5r2qhrgAXQC3CZ6i1+KMd9TRu3MvA3aH/fFPnBodb6oe6HM8+lYHrGdRXW8M9bMZtPXUji69lmf5Cmamq7quNLFZXD9Rq7v0Bpc1o/tp0fisAAAAASUVORK5CYII=\n\n[linter]: https://github.com/redhat-plumbers-in-action/differential-shellcheck/actions/workflows/linter.yml\n[linter-status]: https://github.com/redhat-plumbers-in-action/differential-shellcheck/actions/workflows/linter.yml/badge.svg\n\n[test]: https://github.com/redhat-plumbers-in-action/differential-shellcheck/actions/workflows/unit-test.yml\n[test-status]: https://github.com/redhat-plumbers-in-action/differential-shellcheck/actions/workflows/unit-test.yml/badge.svg\n\n[codecov]: https://codecov.io/gh/redhat-plumbers-in-action/differential-shellcheck\n[codecov-status]: https://codecov.io/gh/redhat-plumbers-in-action/differential-shellcheck/branch/main/graph/badge.svg?token=9E9K03DRX5\n\n[scorecard-status]: https://img.shields.io/ossf-scorecard/github.com/redhat-plumbers-in-action/differential-shellcheck?label=OSSF-Scorecard%20Score\n\n[best-practices]: https://bestpractices.coreinfrastructure.org/projects/6540\n[best-practices-status]: https://bestpractices.coreinfrastructure.org/projects/6540/badge\n\n\u003c!-- --\u003e\n\nThis repository hosts code for running Differential ShellCheck in GitHub Actions. Idea of having something like a Differential ShellCheck was first introduced in [@fedora-sysv/initscripts](https://github.com/fedora-sysv/initscripts). Initscripts needed some way to verify incoming Pull Requests without getting warnings and errors about already merged and for years working code. Therefore, Differential ShellCheck was born.\n\n## How does it work\n\nFirst Differential ShellCheck gets a list of changed shell scripts based on file extensions, shebangs and script list, if provided. Then it calls [@koalaman/shellcheck](https://github.com/koalaman/shellcheck) on those scripts where it stores ShellCheck output for later use. Then it switches from `HEAD` to provided `BASE` and runs ShellCheck on the same files as before and stores output to a separate file.\n\nTo evaluate results, Differential ShellCheck uses utilities `csdiff` and `csgrep` from [@csutils/csdiff](https://github.com/csutils/csdiff). First `csdiff` is used to get a list/number of fixed and added errors. And then `csgrep` is used to output the results in a nice colorized way to console and optionally into GitHub GUI as a security alert.\n\n## Features\n\n* Shell scripts auto-detection based on shebangs, ShellCheck directives, file extensions and more\n  * supported shell interpreters are: `sh`, `ash`, `bash`, `dash`, `ksh` and `bats`\n  * supported shebangs are: `#!/bin/`, `#!/usr/bin/`, `#!/usr/local/bin/`, `#!/bin/env␣`, `#!/usr/bin/env␣` and `#!/usr/local/bin/env␣` ; e.g. `#!/bin/env␣bash`\n  * support for ShellCheck directives ; e.g. `# shellcheck shell=bash`\n  * support for [`emacs` modes specifications](https://www.gnu.org/software/emacs/manual/html_node/emacs/Choosing-Modes.html) ; e.g. `# -*- sh -*-`\n  * support for [`vi/vim` modeline specifications](http://vimdoc.sourceforge.net/htmldoc/options.html#modeline) ; e.g. `# vi: set filetype=sh`, `# vim: ft=sh`\n* Ability to allowlist specific error codes\n* Statistics about fixed and added defects and their severity\n* Colored console output with emojis\n* [SARIF support](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning) - warnings are visible in the `Changed files` tab of the Pull-Request and as [comment alerts on Pull-Requests](https://github.blog/changelog/2022-06-02-users-can-view-and-comment-on-code-scanning-alerts-on-the-conversation-tab-in-a-pull-request/)\n* Ability to run in a verbose mode when run with [debug option](https://github.blog/changelog/2022-05-24-github-actions-re-run-jobs-with-debug-logging/)\n* Results displayed as [Job Summaries](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/) - [example](docs/images/job-summary-light.png)\n* Ability to configure Differential ShellCheck using [`.shellcheckrc`](https://github.com/koalaman/shellcheck/blob/master/shellcheck.1.md#rc-files)\n\n## Usage\n\nExample of running Differential ShellCheck:\n\n```yml\nname: Differential ShellCheck\non:\n  push:\n    branches: [ main ]\n  pull_request:\n    branches: [ main ]\n\npermissions:\n  contents: read\n\njobs:\n  lint:\n    runs-on: ubuntu-latest\n\n    permissions:\n      # required for all workflows\n      security-events: write\n\n      # only required for workflows in private repositories\n      actions: read\n      contents: read\n\n    steps:\n      - name: Repository checkout\n        uses: actions/checkout@v4\n        with:\n          # Differential ShellCheck requires full git history\n          fetch-depth: 0\n\n      - id: ShellCheck\n        name: Differential ShellCheck\n        uses: redhat-plumbers-in-action/differential-shellcheck@v5\n        with:\n          token: ${{ secrets.GITHUB_TOKEN }}\n\n      - if: ${{ runner.debug == '1' \u0026\u0026 !cancelled() }}\n        name: Upload artifact with ShellCheck defects in SARIF format\n        uses: actions/upload-artifact@v4\n        with:\n          name: Differential ShellCheck SARIF\n          path: ${{ steps.ShellCheck.outputs.sarif }}\n```\n\n\u003e [!IMPORTANT]\n\u003e\n\u003e _`fetch-depth: 0` is required to run `differential-shellcheck` successfully. It fetches all git history._\n\n\u003e [!TIP]\n\u003e\n\u003e You can limit execution of `differential-shellcheck` to upstream repository by using `if: github.event.repository == 'your_org/your_repo'` before `runs-on: ubuntu-latest`.\n\n\u003cdetails\u003e\n  \u003csummary\u003eConsole output example\u003c/summary\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cimg src=\"docs/images/output-example.png\" width=\"800\" alt=\"Console output example\" /\u003e\n  \u003c/p\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eExample of Job Summary\u003c/summary\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"docs/images/job-summary-dark.png\"\u003e\n      \u003cimg src=\"docs/images/job-summary-light.png\" width=\"600\" alt=\"Example of Job Summary\" /\u003e\n    \u003c/picture\u003e\n  \u003c/p\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eExample of output in Changed files tab\u003c/summary\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"docs/images/sarif-output-example-dark.png\"\u003e\n      \u003cimg src=\"docs/images/sarif-output-example-light.png\" width=\"600\" alt=\"Example of output in Changed files tab\" /\u003e\n    \u003c/picture\u003e\n  \u003c/p\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eExample of @github-code-scanning bot review comment\u003c/summary\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"docs/images/sarif-comment-dark.png\"\u003e\n      \u003cimg src=\"docs/images/sarif-comment-light.png\" width=\"600\" alt=\"Example of @github-code-scanning bot review comment\" /\u003e\n    \u003c/picture\u003e\n  \u003c/p\u003e\n\u003c/details\u003e\n\n### Real life examples of usage\n\n* [`rbenv/rbenv` ![GitHub Repo stars](https://img.shields.io/github/stars/rbenv/rbenv?style=social)](https://github.com/rbenv/rbenv)\n\n* [`Bash-it/bash-it` ![GitHub Repo stars](https://img.shields.io/github/stars/Bash-it/bash-it?style=social)](https://github.com/Bash-it/bash-it)\n\n* [`scylladb/scylladb` ![GitHub Repo stars](https://img.shields.io/github/stars/scylladb/scylladb?style=social)](https://github.com/scylladb/scylladb)\n\n* [`systemd/systemd` ![GitHub Repo stars](https://img.shields.io/github/stars/systemd/systemd?style=social)](https://github.com/systemd/systemd)\n\n* [`cockpit-project/cockpit` ![GitHub Repo stars](https://img.shields.io/github/stars/cockpit-project/cockpit?style=social)](https://github.com/cockpit-project/cockpit)\n\n* [`89luca89/distrobox` ![GitHub Repo stars](https://img.shields.io/github/stars/89luca89/distrobox?style=social)](https://github.com/89luca89/distrobox)\n\n* more examples - [here](https://github.com/redhat-plumbers-in-action/differential-shellcheck/network/dependents?package_id=UGFja2FnZS0yOTkzNjMxNzI2)\n\n## Configuration options\n\nAction currently accepts following options:\n\n```yml\n# ...\n\n- name: Differential ShellCheck\n  uses: redhat-plumbers-in-action/differential-shellcheck@v5\n  with:\n    triggering-event: \u003cname of triggering event\u003e\n    base: \u003csha1\u003e\n    head: \u003csha1\u003e\n    pull-request-base: \u003csha1\u003e\n    pull-request-head: \u003csha1\u003e\n    push-event-base: \u003csha1\u003e\n    push-event-head: \u003csha1\u003e\n    diff-scan: \u003ctrue or false\u003e\n    strict-check-on-push: \u003ctrue or false\u003e\n    external-sources: \u003ctrue or false\u003e\n    severity: \u003cminimal severity level\u003e\n    scan-directory: \u003clist of paths\u003e\n    exclude-path: \u003clist of paths\u003e\n    include-path: \u003clist of paths\u003e\n    token: \u003cGitHub token\u003e\n\n# ...\n```\n\n### triggering-event\n\nThe name of the event that triggered the workflow run. Supported values are: `merge_group`, `pull_request`, `push` and `manual`.\n\n* default value: `${{ github.event_name }}`\n* requirements: `optional`\n\n### base\n\n`SHA1` of the commit which will be used as the base when performing differential ShellCheck. Input is used only when `triggering-event` is set to `manual`.\n\n* default value: `undefined`\n* requirements: `optional`\n\n### head\n\n`SHA1` of the commit which refers to the `HEAD` of changes. Input is used only when `triggering-event` is set to `manual`.\n\n* default value: `undefined`\n* requirements: `optional`\n\n### merge-group-base\n\n`SHA1` of the merge group's parent commit. Input is used when `triggering-event` is set to `merge_group`.\n\n* default value: `${{ github.event.merge_group.base_sha }}`\n* requirements: `optional`\n\n### merge-group-head\n\n`SHA1` of the merge group commit. Input is used when `triggering-event` is set to `merge_group`.\n\n* default value: `${{ github.event.merge_group.head_sha }}`\n* requirements: `optional`\n\n### pull-request-base\n\n`SHA1` of the top commit on the base branch. Input is used when `triggering-event` is set to `pull_request`.\n\n* default value: `${{ github.event.pull_request.base.sha }}`\n* requirements: `optional`\n\n### pull-request-head\n\n`SHA1` of the latest commit in Pull Request. Input is used when `triggering-event` is set to `pull_request`.\n\n* default value: `${{ github.event.pull_request.head.sha }}`\n* requirements: `optional`\n\n### push-event-base\n\n`SHA1` of the last commit before the push. Input is used when `triggering-event` is set to `push`.\n\n* default value: `${{ github.event.before }}`\n* requirements: `optional`\n\n### push-event-head\n\n`SHA1` of the last commit after push. Input is used when `triggering-event` is set to `push`.\n\n* default value: `${{ github.event.after }}`\n* requirements: `optional`\n\n### diff-scan\n\nInput allows requesting a specific type of scan. Input is considered only if `triggering-event` is set to `manual`.\n\nDefault types of scans based on `triggering-event` input:\n\n| `triggering-event` | type of scan               |\n|--------------------|----------------------------|\n| `merge_group`      | differential               |\n| `pull_request`     | differential               |\n| `push`             | full                       |\n| `manual`           | based on `diff-scan` input |\n\n* default value: `true`\n* requirements: `optional`\n\n### strict-check-on-push\n\nDifferential ShellCheck performs full scans when running on a `push` event, but the Action fails only when new defects are added. This option allows overwriting this behavior. Hence when `strict-check-on-push` is set to `true` it will fail when any defect is discovered.\n\n* default value: `false`\n* requirements: `optional`\n\n### external-sources\n\nEnable following of source statements even when the file is not specified as input. By default, [ShellCheck](https://github.com/koalaman/shellcheck/blob/master/shellcheck.1.md) will only follow files specified on the command-line (plus `/dev/null`). This option allows following any file the script may source. This option may also be enabled using `external-sources=true` in `.shellcheckrc`.\n\n* default value: `true`\n* requirements: `optional`\n\n### severity\n\nMinimal severity level of detected errors that will be reported. Valid values in order of severity are `error`, `warning`, `info` and `style`.\n\n* default value: `style`\n* requirements: `optional`\n\n### scan-directory\n\nList of relative paths to directories that will be scanned for shell scripts. Globbing is supported. The list is a multi-line string, not a YAML list.\n\nBy default the whole repository is scanned. This feature is useful when you want to scan only a subset of the repository.\n\nThis feature is fully compatible with [exclude-path](#exclude-path) and [include-path](#include-path) options.\n\n* requirements: `optional`\n* example: `\"build/**\"`\n* example for multiple values:\n\n  ```yml\n  scan-directory: |\n    build/**\n    testing\n  ```\n\n### exclude-path\n\nList of relative paths excluded from ShellCheck scanning. Globbing is supported. The list is a multi-line string, not a YAML list.\n\n* requirements: `optional`\n* example: `\"test/{bats,beakerlib}/**\"`\n\n### include-path\n\nList of file paths that will be scanned by ShellCheck. Globbing is supported. The list is a multi-line string, not a YAML list.\n\n* requirements: `optional`\n* example: `\"src/**.{shell,custom}\"`\n\n### display-engine\n\nTool used to display the defects and fixes in the console output. Currently supported tools are [`csgrep`](https://github.com/csutils/csdiff) and [`sarif-fmt`](https://github.com/psastras/sarif-rs/tree/main/sarif-fmt#readme).\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"docs/images/csgrep-output-example.png\" width=\"600\" alt=\"csgrep output example\" /\u003e\n  \u003cp\u003e\u003ci\u003e`display-engine: csgrep`\u003c/i\u003e\u003c/p\u003e\n  \u003cimg src=\"docs/images/sarif-fmt-output-example.png\" width=\"450\" alt=\"sarif-fmt output example\" /\u003e\n  \u003cp\u003e\u003ci\u003e`display-engine: sarif-fmt`\u003c/i\u003e\u003c/p\u003e\n\u003c/div\u003e\n\n* requirements: `optional`\n* default value: `csgrep`\n\n### token\n\nThe token is used to upload findings in SARIF format to GitHub.\n\n* default value: `undefined`\n* requirements: `optional`\n\nThe token needs to have the following [permissions](https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data):\n\n* `security_events: write` - required for **all repositories**.\n* `actions: read` and `contents: read` - required only for **private repositories**.\n\n\u003e [!TIP]\n\u003e\n\u003e When the `token` isn't passed, the SARIF file won't be uploaded (the GitHub Security Dashboard won't be updated), but the Action will work as expected. SARIF file can also be uploaded manually using [sarif from outputs](#sarif) and [github/codeql-action/upload-sarif](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions) GitHub Action.\n\n## Outputs\n\nDifferential ShellCheck exposes following [outputs](https://docs.github.com/en/actions/using-jobs/defining-outputs-for-jobs).\n\n### `sarif`\n\nRelative path to the SARIF file containing detected defects. Example of how to use `sarif` output within the workflow:\n\n```yaml\n- id: ShellCheck\n  name: Differential ShellCheck\n  uses: redhat-plumbers-in-action/differential-shellcheck@v5\n\n- if: ${{ runner.debug == '1' \u0026\u0026 !cancelled() }}\n  name: Upload artifact with ShellCheck defects in SARIF format\n  uses: actions/upload-artifact@v4\n  with:\n    name: Differential ShellCheck SARIF\n    path: ${{ steps.ShellCheck.outputs.sarif }}\n\n- if: ${{ !cancelled() }}\n  name: Upload SARIF to GitHub using github/codeql-action/upload-sarif\n  uses: github/codeql-action/upload-sarif@v2\n  with:\n    sarif_file: ${{ steps.ShellCheck.outputs.sarif }}\n```\n\n\u003e [!TIP]\n\u003e\n\u003e `sarif` output can be used together with tools like [`microsoft/sarif-tools`](https://github.com/microsoft/sarif-tools?tab=readme-ov-file#sarif-tools) to convert SARIF to other formats like `codeclimate`, `csv`, `docx` and more. [Example of use](https://github.com/microsoft/sarif-tools?tab=readme-ov-file#suggested-usage-in-ci-pipelines).\n\n### `html`\n\nRelative path to the HTML file containing detected defects. Example of how to use `html` output within the workflow:\n\n```yaml\n- id: ShellCheck\n  name: Differential ShellCheck\n  uses: redhat-plumbers-in-action/differential-shellcheck@v5\n\n- if: ${{ !cancelled() }}\n  name: Upload artifact with ShellCheck defects in HTML format\n  uses: actions/upload-artifact@v4\n  with:\n    name: Differential ShellCheck HTML\n    path: ${{ steps.ShellCheck.outputs.html }}\n```\n\n[Example](docs/example.xhtml) of HTML output:\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/images/html-output-exmple.png\" width=\"800\" alt=\"HTML output example\" /\u003e\n\u003c/p\u003e\n\n### `shellcheck-full`\n\nShellCheck JSON output when Full scan is requested. Useful when debugging.\n\n### `shellcheck-head`\n\nShellCheck JSON output for HEAD commit. Useful when debugging.\n\n### `shellcheck-base`\n\nShellCheck JSON output for BASE commit. Useful when debugging.\n\n## Using with Private repositories\n\nDifferential ShellCheck GitHub Action could be used in private repositories by any user. But code scanning-related features are available only for GitHub Enterprise users, as mentioned in [GitHub Documentation](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning):\n\n_Code scanning is available for all public repositories on GitHub.com. Code scanning is also available for private repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. For more information, see \"[About GitHub Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security)\"._\n\n## Using with Visual Studio Code\n\nDifferential ShellCheck doesn't have a Visual Studio Code plugin, but results can be accessed by using [SARIF Viewer](https://marketplace.visualstudio.com/items?itemName=MS-SarifVSCode.sarif-viewer) Visual Studio Code extension provided by Microsoft. Once installed, you have to connect your GitHub account with Visual Studio Code. Then, if you open a repository that uses Differential ShellCheck, you will see reported defects directly in your Visual Studio Code IDE.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/images/vs-code-sarif-connect-dark.png\" width=\"450\" alt=\"Visual Studio Code SARIF connect\" /\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/images/vs-code-sarif-results-dark.png\" width=\"550\" alt=\"Visual Studio Code SARIF results\" /\u003e\n\u003c/p\u003e\n\n## Limitations\n\n* `differential-shellcheck` Action doesn't run correctly when overwriting commits using `--force` and when the triggering event is `push`.\n\n---\n\nUseful documents: _[CHANGELOG](docs/CHANGELOG.md)_ | _[ARCHITECTURE](docs/ARCHITECTURE.md)_ | _[CONTRIBUTING](docs/CONTRIBUTING.md)_ | _[CODE_OF_CONDUCT](docs/CODE_OF_CONDUCT.md)_ | _[SECURITY](docs/SECURITY.md)_ | _[LICENSE](LICENSE)_\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredhat-plumbers-in-action%2Fdifferential-shellcheck","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredhat-plumbers-in-action%2Fdifferential-shellcheck","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredhat-plumbers-in-action%2Fdifferential-shellcheck/lists"}