CI: GitHub code scanning integration for detekt errors / warnings #4887
Conversation
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
|
intentionally triggering detekt for demonstration, that commit will be reverted immediately after the CI is done. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
well, actually, that's a good demo. |
|
now to revert the commit! |
This reverts commit 49478bd.
|
this is how it looks inline when viewing the commit diff (and probably the PR diff too) |
|
nice |
|
Good |
This PR pretty much just adds more QoL. Nothing really useful for anyone who isn't reviewing the code for PRs.
See https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning#about-third-party-code-scanning-tools
I just stole it from the detekt docs, GitHub adds a little embed at the end of the line which shows the workflow and some other info from the SARIF file you give it.
Another tip that I discovered: If you click on the SARIF file that detekt generates, IntelliJ IDEA will show everything detekt found in the "Server-side Analysis" tab of the "Problems" view.
See https://detekt.dev/docs/introduction/reporting/#integration-with-github-code-scanning