{"id":15690012,"url":"https://github.com/swinton/code-scanning-playground","last_synced_at":"2026-03-08T22:32:25.299Z","repository":{"id":38125967,"uuid":"277915590","full_name":"swinton/code-scanning-playground","owner":"swinton","description":"A template repository to help you get started with  Code Scanning on GitHub","archived":false,"fork":false,"pushed_at":"2022-12-30T20:57:27.000Z","size":14752,"stargazers_count":9,"open_issues_count":19,"forks_count":7,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-07T23:48:17.318Z","etag":null,"topics":["code-scanning","eslint","example","github","github-actions","sarif"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/swinton.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-07-07T20:28:49.000Z","updated_at":"2023-03-28T02:41:35.000Z","dependencies_parsed_at":"2023-01-31T16:31:20.393Z","dependency_job_id":null,"html_url":"https://github.com/swinton/code-scanning-playground","commit_stats":null,"previous_names":[],"tags_count":0,"template":true,"template_full_name":null,"purl":"pkg:github/swinton/code-scanning-playground","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swinton%2Fcode-scanning-playground","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swinton%2Fcode-scanning-playground/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swinton%2Fcode-scanning-playground/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swinton%2Fcode-scanning-playground/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/swinton","download_url":"https://codeload.github.com/swinton/code-scanning-playground/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swinton%2Fcode-scanning-playground/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30275542,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-08T20:45:49.896Z","status":"ssl_error","status_checked_at":"2026-03-08T20:45:49.525Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-scanning","eslint","example","github","github-actions","sarif"],"created_at":"2024-10-03T18:06:08.636Z","updated_at":"2026-03-08T22:32:25.281Z","avatar_url":"https://github.com/swinton.png","language":"C#","readme":"# `code-scanning-playground`\n\u003e :wave: :earth_americas: a playground for **Code Scanning** :roller_coaster:\n\n## Contents\n- [About](#about)\n- [How it works](#how-it-works)\n- [Getting started](#getting-started)\n- [Additional resources](#additional-resources)\n\n## About\nThis is a template repo, demonstrating GitHub's [Code Scanning capability](https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning), using ESLint to generate a \"code scanning alert\" in GitHub's Security tab:\n\n![example](images/example.png)\n\n## How it works\n- The ESLint analysis workflow [runs on a schedule, and on every `push`](https://github.com/swinton/code-scanning-playground/blob/20366008d4376dd1899559fba0bf5fbbece109c3/.github/workflows/upload-sarif.yml#L3-L8)\n- The ESLint output is [formatted as SARIF](https://github.com/swinton/code-scanning-playground/blob/20366008d4376dd1899559fba0bf5fbbece109c3/.github/workflows/upload-sarif.yml#L18-L20), using the [`@microsoft/eslint-formatter-sarif`](https://github.com/microsoft/sarif-sdk/tree/master/src/ESLint.Formatter#readme) package\n- The SARIF report is submitted to GitHub via the [`github/codeql-action/upload-sarif`](https://github.com/github/codeql-action/tree/main/upload-sarif) action\n\n## Getting started\n1. Register for the code scanning beta [here](https://github.com/features/security/advanced-security/signup)\n1. [Generate a copy of this repo](https://github.com/swinton/code-scanning-playground/generate)\n1. Push a commit -- it can even be an empty commit (`git commit --allow-empty`)\n1. Observe as a new security alert is generated\n\n## Additional resources\n- [SARIF example output](example.sarif.json)\n- [SARIF specification](https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html)\n- [`microsoft/sarif-tutorials`](https://github.com/microsoft/sarif-tutorials): User-friendly documentation for the SARIF file format\n- [SARIF Validator](https://sarifweb.azurewebsites.net/Validation): View and validate your SARIF files\n- [`Sarif.Multitool`](https://www.nuget.org/packages/Sarif.Multitool/): Multi-purpose command line tool for analyzing and manipulating SARIF files\n- [JSON schema for the SARIF specification](https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/schemas/sarif-schema-2.1.0.json)\n- [`ajv-validator/ajv-cli`](https://github.com/ajv-validator/ajv-cli): Command line interface for [`ajv`](https://github.com/epoberezkin/ajv), one of the [fastest json schema validators](https://github.com/ebdrup/json-schema-benchmark)\n- [SARIF support for code scanning](https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/sarif-support-for-code-scanning)\n- [Example workflow that runs the ESLint analysis tool](https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/uploading-a-sarif-file-to-github#example-workflow-that-runs-the-eslint-analysis-tool)\n- REST API: https://docs.github.com/en/rest/reference/code-scanning\n- Demo app for uploading SARIF reports to GitHub via the REST API as a GitHub App: https://github.com/swinton/github-app-upload-sarif\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswinton%2Fcode-scanning-playground","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fswinton%2Fcode-scanning-playground","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswinton%2Fcode-scanning-playground/lists"}