Add annotations to files in github pr #159

Open
florianmutter opened this issue Jan 3, 2024 · 4 comments

@florianmutter

It would be nice if the checkov GitHub action would add annotations to the files. This only requires a specific output format that is described here: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-a-warning-message

Example of how this will look:
grafik
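
An added example, not part of the original issue and not code from the checkov project: one way to turn failed checks from a JSON report into the `::warning` workflow commands the linked GitHub documentation describes. The report field names (`results.failed_checks`, `check_id`, `check_name`, `file_path`, `file_line_range`, `resource`) and the leading-slash path handling are assumptions about the JSON report shape, and the sample report is constructed. Values are escaped because they originate from scanned files and must not be able to break out of the command line.

```python
import json

# Constructed sample in the assumed shape of a checkov JSON report.
SAMPLE_REPORT = json.dumps({
    "check_type": "terraform",
    "results": {"failed_checks": [
        {"check_id": "CKV_EXAMPLE_1",            # constructed id
         "check_name": "Bucket allows public read access",
         "file_path": "/modules/s3,public/main.tf",
         "file_line_range": [3, 9],
         "resource": "aws_s3_bucket.data\nline two"},
    ]},
})


def escape_data(value):
    """Escape the message part: '%' first, then CR and LF."""
    return value.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")


def escape_property(value):
    """Escape a property value: as for data, plus ':' and ','."""
    return escape_data(value).replace(":", "%3A").replace(",", "%2C")


def to_annotations(report_json, level="warning"):
    """Return one workflow command line per failed check."""
    report = json.loads(report_json)
    # Assumption: several frameworks in one run yield a list of reports.
    reports = report if isinstance(report, list) else [report]
    lines = []
    for rep in reports:
        for check in rep.get("results", {}).get("failed_checks", []):
            start, end = check["file_line_range"]
            props = {
                # Assumption: annotation paths are relative to the repo root.
                "file": check["file_path"].lstrip("/"),
                "line": str(start),
                "endLine": str(end),
                "title": check["check_id"],
            }
            prop_str = ",".join(f"{k}={escape_property(v)}" for k, v in props.items())
            message = f"{check['check_name']} ({check['resource']})"
            lines.append(f"::{level} {prop_str}::{escape_data(message)}")
    return lines


if __name__ == "__main__":
    print("\n".join(to_annotations(SAMPLE_REPORT)))
```

Printing these lines to stdout inside a workflow step is what makes GitHub attach them to the file and line range in the pull request.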

@Saarett
Contributor

Saarett commented Jan 8, 2024

Hey @florianmutter, this is a very nice idea, but not on our roadmap. Do you wish to contribute it? 🙂 That would be very helpful and appreciated 👍

@UkklyDukkling

I may be misunderstanding the intent of this request, but this checkov-action seems to already create annotations when run in our workflows? In fact, my team and I were looking for some flag/parameter to disable the behavior and are confused why nothing is mentioned in any documentation. There is nothing in our workflow to publish SARIF results as annotations, but it seems to occur automatically with this action's output?

Screenshot 2024-01-08 at 1 02 09 PM

@florianmutter
Author

florianmutter commented Jan 9, 2024

Hm, I will check again if we see this as well somehow. I did not see it yet. But this is what I want. Could you maybe share your workflow where you run checkov?

@florianmutter
Author

One more question, @UkklyDukkling: do you have "Code Scanning alerts" enabled?
grafik
