Skip to content

Add SARIF upload to GitHub Code Scanning #21

Description

@ajianaz

Description

Enable cora-cli to directly upload SARIF results to GitHub Code Scanning API, making review findings visible in the PR "Security" tab.

Acceptance Criteria

  • cora review --upload-sarif uploads results via GitHub API
  • Auto-detects repository context from git remote
  • Supports GITHUB_TOKEN and GH_TOKEN for auth
  • Sets correct run_id and tool metadata in SARIF
  • Works in GitHub Actions (with GITHUB_TOKEN) and locally (with GH_TOKEN)

Implementation Notes

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions