https://github.com/advanced-security/sarif-viewer

JetBrains IDE plugin for displaying SARIF from GHAS or from a local file
https://github.com/advanced-security/sarif-viewer

Last synced: 12 days ago
JSON representation

JetBrains IDE plugin for displaying SARIF from GHAS or from a local file

• Host: GitHub
• URL: https://github.com/advanced-security/sarif-viewer
• Owner: advanced-security
• License: mit
• Created: 2023-09-28T15:39:11.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2025-04-25T19:55:37.000Z (15 days ago)
• Last Synced: 2025-04-25T20:37:27.161Z (15 days ago)
• Language: Kotlin
• Homepage:
• Size: 2.41 MB
• Stars: 9
• Watchers: 2
• Forks: 4
• Open Issues: 5
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Codeowners: .github/CODEOWNERS
  • Security: SECURITY.md
  • Support: SUPPORT.md

Awesome Lists containing this project

README

        
# SARIF-viewer

![Version](https://img.shields.io/jetbrains/plugin/v/23159-sarif-viewer) ![example branch parameter](https://github.com/advanced-security/SARIF-viewer/actions/workflows/build.yml/badge.svg?branch=main)



SARIF viewer to view the results of static analysis tools in the IDE.

The Sarif comes from GitHub Advanced Security (GHAS) or from the local file system.

You must provide in the settings a personal access token (PAT) to access the GitHub API with as least the following scopes:

- Pull request read

- Code scanning read

- Metadata read

## Installation

### Manual

- Download the signed zip file release from GitHub Releases : https://github.com/advanced-security/SARIF-viewer/releases

- Add it to you IDE via `Settings > Plugins > Install Plugin from Disk...`

## Configuration

You must provide a personal access token (PAT) to access the GitHub API with as least the following scopes:

- Pull request read

- Code scanning read

- Metadata read

And add it to the plugin configuration via `Settings > Tools > Sarif Viewer`

If you are using GHES, you must also provide the URL and the corresponding token of your GHES instance.



## Usage

If there is a scan done one the current branch, the plugin will automatically display the results in the tool window.

When you change branch, the plugin will automatically display the results of the new branch.

If the current branch has one or more pull request, you will be able to select with the combobox the PR to display the results of.

The result will be grouped by vulnerabilities and you will be able to navigate to the source code by clicking on the result. Also a detail will also be displayed with the path of the vulnerability and the description to help you remediate.

## 🤝  Found a bug? Missing a specific feature?

Feel free to **file a new issue** with a respective [title and description](https://github.com/advanced-security/SARIF-viewer/issues) repository. If you already found a solution to your problem, **we would love to review your pull request**!

## License 

This project is licensed under the terms of the MIT open source license. Please refer to [MIT](./LICENSE.txt) for the full terms.