From c7d6db8ee2ce40314e3e36ea641bba910e1d1b2a Mon Sep 17 00:00:00 2001
From: Virgil
Date: Wed, 1 Apr 2026 11:59:46 +0000
Subject: [PATCH] feat(lint): add sarif output for catalog checks
Co-Authored-By: Virgil
---
 cmd/core-lint/main.go | 8 +++++++-
 cmd/core-lint/main_test.go | 28 ++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/cmd/core-lint/main.go b/cmd/core-lint/main.go
index 211fa07..2da5c74 100644
--- a/cmd/core-lint/main.go
+++ b/cmd/core-lint/main.go
@@ -306,6 +306,12 @@ func newCheckCommand() *cli.Command {
 return lintpkg.WriteJSON(command.OutOrStdout(), findings)
 case "jsonl":
 return lintpkg.WriteJSONL(command.OutOrStdout(), findings)
+ case "sarif":
+ report := lintpkg.Report{
+ Findings: findings,
+ Summary: lintpkg.Summarise(findings),
+ }
+ return lintpkg.WriteReportSARIF(command.OutOrStdout(), report)
 default:
 lintpkg.WriteText(command.OutOrStdout(), findings)
 if format == "text" && len(findings) > 0 {
@@ -315,7 +321,7 @@ func newCheckCommand() *cli.Command {
 }
 })
- cli.StringFlag(command, &format, "format", "f", "text", "Output format: text, json, jsonl")
+ cli.StringFlag(command, &format, "format", "f", "text", "Output format: text, json, jsonl, sarif")
 cli.StringFlag(command, &language, "lang", "l", "", "Filter rules by language")
 cli.StringFlag(command, &severity, "severity", "s", "", "Minimum severity threshold (info, low, medium, high, critical)")
diff --git a/cmd/core-lint/main_test.go b/cmd/core-lint/main_test.go
index 4ad902b..0fe9482 100644
--- a/cmd/core-lint/main_test.go
+++ b/cmd/core-lint/main_test.go
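Review bot: In cmd/core-lint/main.go the new `case "sarif":` returns only the writer's error, so a run that produces findings still exits 0; the added test pins exactly that, with one result and `exitCode` 0. SARIF is normally generated for a CI code-scanning step, so a job that gates on the process exit status will pass with findings present, and whatever the text branch does under `if format == "text" && len(findings) > 0` (its body is outside the hunk) is not applied here. That matches the `json`/`jsonl` cases, but it deserves a comment above the case such as `// sarif, like json/jsonl, reports findings in the document only; the exit status reflects write errors`, and the same hint in the `--format` help string changed in the next hunk. The `Report` literal also sets only `Findings` and `Summary`; if `lintpkg.Report` has other fields that `WriteReportSARIF` reads they are zero here, which cannot be confirmed from this diff. The enclosing closure starts and ends outside the hunk.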
@@ -167,6 +167,34 @@ func TestCLI_Tools_TextIncludesMetadata(t *testing.T) {
 assert.Contains(t, text, "entitlement=lint.security")
 }
+func TestCLI_LintCheck_SARIF(t *testing.T) {
+ buildCLI(t)
+
+ repoRoot := repoRoot(t)
+ stdout, stderr, exitCode := runCLI(t, repoRoot, "lint", "check", "--format", "sarif", "tests/cli/lint/check/fixtures")
+ assert.Equal(t, 0, exitCode, stderr)
+
+ var sarif struct {
+ Version string `json:"version"`
+ Runs []struct {
+ Tool struct {
+ Driver struct {
+ Name string `json:"name"`
+ } `json:"driver"`
+ } `json:"tool"`
+ Results []struct {
+ RuleID string `json:"ruleId"`
+ } `json:"results"`
+ } `json:"runs"`
+ }
+ require.NoError(t, json.Unmarshal([]byte(stdout), &sarif))
+ require.Equal(t, "2.1.0", sarif.Version)
+ require.Len(t, sarif.Runs, 1)
+ assert.Equal(t, "core-lint", sarif.Runs[0].Tool.Driver.Name)
+ require.Len(t, sarif.Runs[0].Results, 1)
+ assert.Equal(t, "go-cor-003", sarif.Runs[0].Results[0].RuleID)
+}
+
 func TestCLI_HookInstallRemove(t *testing.T) {
 if _, err := exec.LookPath("git"); err != nil {
 t.Skip("git not available")
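Review bot: TestCLI_LintCheck_SARIF asserts only `version`, the driver name and a single `ruleId`, so a SARIF document whose result carries no location would still pass. Code-scanning consumers place an alert by the result's physical location, so the test should decode `locations` in the anonymous struct and assert that the artifact URI and start line are present, assuming WriteReportSARIF emits them (the writer is not part of this diff). Separately, `repoRoot := repoRoot(t)` shadows the helper for the rest of the function; `root := repoRoot(t)` passed to `runCLI(t, root, ...)` reads more clearly.

```go
			Results []struct {
				RuleID    string `json:"ruleId"`
				Locations []struct {
					PhysicalLocation struct {
						ArtifactLocation struct {
							URI string `json:"uri"`
						} `json:"artifactLocation"`
						Region struct {
							StartLine int `json:"startLine"`
						} `json:"region"`
					} `json:"physicalLocation"`
				} `json:"locations"`
			} `json:"results"`
	// … unchanged: unmarshal, version, run count, driver name and ruleId assertions …
	locations := sarif.Runs[0].Results[0].Locations
	require.NotEmpty(t, locations)
	assert.NotEmpty(t, locations[0].PhysicalLocation.ArtifactLocation.URI)
	assert.NotZero(t, locations[0].PhysicalLocation.Region.StartLine)
```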