diff --git a/docs/src/content/docs/reference/scripts/annotations.md b/docs/src/content/docs/reference/scripts/annotations.md index b0deba6120..8c774c6112 100644 --- a/docs/src/content/docs/reference/scripts/annotations.md +++ b/docs/src/content/docs/reference/scripts/annotations.md @@ -18,7 +18,7 @@ If you use `annotation` in your script text and you do not specify the `system` Using the `system.annotations` system prompt, you can have the LLM generate errors, warnings and notes. -```js "\"system.annotations\"" +```js ""system.annotations"" script({ ... system: [..., "system.annotations"] @@ -27,7 +27,7 @@ script({ ## Line numbers -The "system.annotations" prompt automatically enables line number injection for all `def` section. This helps +The "system.annotations" prompt automatically enables line number injection for all `def` section. This helps with the precision of the LLM answer and reduces hallucinations. ## GitHub Action Commands @@ -42,7 +42,7 @@ through the **Problems** panel. The diagnostics will also appear as squiggly lin ## Static Analysis Results Interchange Format (SARIF) -GenAIScript will convert those into SARIF files that can be uploaded to GitHub Actions as security reports, similarly to CodeQL reports. +GenAIScript will convert those into SARIF files that can be uploaded as [security reports](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning), similarly to CodeQL reports. The [SARIF Viewer](https://marketplace.visualstudio.com/items?itemName=MS-SarifVSCode.sarif-viewer) extension can be used to visualize the reports. 
@@ -56,3 +56,10 @@ extension can be used to visualize the reports. with: sarif_file: result.sarif ``` + +### Limitations + +- Access to security reports may vary based on your repository visibilty and organization + rules. See [GitHub Documentation](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) for more help. +- Your organization may restrict the execution of GitHub Actions on Pull Requests. + See [GitHub Documentation](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#about-github-actions-permissions-for-your-repository) for more help. diff --git a/packages/cli/src/sarif.ts b/packages/cli/src/sarif.ts index ad91ebc890..468e7cc3c8 100644 --- a/packages/cli/src/sarif.ts +++ b/packages/cli/src/sarif.ts @@ -1,4 +1,4 @@ -import { TOOL_ID, CORE_VERSION } from "genaiscript-core" +import { SARIFF_RULEID_PREFIX, SARIFF_BUILDER_URL, SARIFF_BUILDER_TOOL_DRIVER_NAME, CORE_VERSION } from "genaiscript-core" import { SarifBuilder, SarifRunBuilder, @@ -17,12 +17,12 @@ export function convertDiagnosticsToSARIF( issues: Diagnostic[] ) { const sarifRunBuilder = new SarifRunBuilder().initSimple({ - toolDriverName: TOOL_ID, + toolDriverName: SARIFF_BUILDER_TOOL_DRIVER_NAME, toolDriverVersion: CORE_VERSION, - url: "https://github.com/microsoft/genaiscript/", + url: SARIFF_BUILDER_URL, }) const sarifRuleBuiler = new SarifRuleBuilder().initSimple({ - ruleId: template.id, + ruleId: SARIFF_RULEID_PREFIX + template.id, shortDescriptionText: template.title, fullDescriptionText: template.description, }) diff --git a/packages/core/src/constants.ts b/packages/core/src/constants.ts index 3da81a1b3d..da4f8a3088 100644 --- a/packages/core/src/constants.ts +++ b/packages/core/src/constants.ts 
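Review bot: The new `ruleId: SARIFF_RULEID_PREFIX + template.id` changes the identifier of the rule object, but in SARIF each result must carry a `ruleId` that matches an entry in `tool.driver.rules`, and the result builder for this function lies outside the hunk; if it still uses the bare `template.id`, code scanning will not link results to the rule and the title/description set here will not show on the alert. I would compute the id once and use it in both places, e.g. `const ruleId = SARIFF_RULEID_PREFIX + template.id` above the `SarifRuleBuilder` call, then `ruleId,` in both `initSimple` calls. The constant names also misspell the format (SARIF has one F); since this hunk puts them on the cross-package import surface, renaming them to `SARIF_*` now is cheaper than later. convertDiagnosticsToSARIF starts before this hunk and its body continues past it.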
@@ -30,4 +30,7 @@ export const SYSTEM_FENCE = "---"
 export const MAX_DATA_REPAIRS = 1
 export const NPM_CLI_PACKAGE = "genaiscript"
 export const AICI_CONTROLLER = "gh:microsoft/aici/jsctrl"
-export const ICON_LOGO_NAME = "genaiscript-logo"
\ No newline at end of file
+export const ICON_LOGO_NAME = "genaiscript-logo"
+export const SARIFF_RULEID_PREFIX = "genascript/"
+export const SARIFF_BUILDER_URL = "https://github.com/microsoft/genaiscript/"
+export const SARIFF_BUILDER_TOOL_DRIVER_NAME = TOOL_ID
\ No newline at end of file
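Review bot: `SARIFF_RULEID_PREFIX = "genascript/"` drops the `i` in the tool name, while every neighbouring identifier in the hunk spells it `genaiscript`; because `sarif.ts` prefixes every emitted rule id with this string, the typo will be baked into every SARIF report uploaded to code scanning. Code scanning identifies alerts partly by rule id, so correcting the prefix after reports have shipped would likely retire existing alerts and reopen them under the new id — worth fixing before merge: `export const SARIFF_RULEID_PREFIX = "genaiscript/"`. The constant names themselves also misspell SARIF (one F); `export const SARIF_RULEID_PREFIX = "genaiscript/"` with matching `SARIF_BUILDER_*` names would read correctly. `SARIFF_BUILDER_TOOL_DRIVER_NAME = TOOL_ID` refers to a `TOOL_ID` not visible in the hunk, presumably declared earlier in constants.ts; a one-line comment above these three constants, `// Values emitted into the SARIF tool.driver block and rule ids (see cli/src/sarif.ts)`, would tell the next reader why they exist.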