PortSwigger Dastardly Action with SARIF Support
chtzvt/dastardly

Dastardly (With SARIF Support)

Welcome!

This is an extended version of PortSwigger's Dastardly action, with added support for the Static Analysis Results Interchange Format (SARIF).

This repository wraps PortSwigger's base Dastardly action, adding a script that converts the JUnit XML produced by Dastardly into SARIF for consumption by GitHub's Code Scanning tools.
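The conversion the wrapper performs is straightforward to reason about: every JUnit failure becomes one SARIF result, every distinct issue name becomes one rule, and Dastardly's severity is folded into the three result levels code scanning displays. The script below is an added illustration of that mapping, not the repository's own converter. It assumes a JUnit layout of one testsuite per scanned URL, one testcase per check and a failure element carrying the severity in its type attribute (with "Severity: X" in the message as a fallback); the embedded report is constructed for the example, not captured from a real scan.

```python
import json
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the JUnit XML layout Dastardly is assumed to emit (one <testsuite>
# per scanned URL, one <testcase> per check, a <failure> for each reported issue). This is
# an assumption for the example, not a report captured from a real Dastardly run.
SAMPLE_JUNIT = """<?xml version="1.0" encoding="UTF-8"?>
<testsuites>
  <testsuite name="https://ginandjuice.shop/" tests="3" failures="2">
    <testcase name="Cross-site scripting (reflected)" classname="https://ginandjuice.shop/catalog?search=x">
      <failure message="Severity: High, Confidence: Certain" type="High">The search parameter is reflected unescaped into the response body.</failure>
    </testcase>
    <testcase name="Strict transport security not enforced" classname="https://ginandjuice.shop/">
      <failure message="Severity: Low, Confidence: Certain" type="Low">No Strict-Transport-Security header was observed.</failure>
    </testcase>
    <testcase name="Vulnerable JavaScript dependency" classname="https://ginandjuice.shop/about"/>
  </testsuite>
</testsuites>
"""

# Dastardly severities mapped onto the three SARIF result levels GitHub code scanning displays.
SEVERITY_TO_LEVEL = {"high": "error", "medium": "warning", "low": "note", "info": "note", "information": "note"}


def rule_id_for(issue_name: str) -> str:
    """Derive a stable SARIF ruleId from an issue name, e.g. 'dastardly/cross-site-scripting-reflected'."""
    slug = re.sub(r"[^a-z0-9]+", "-", issue_name.lower()).strip("-")
    return f"dastardly/{slug}"


def severity_of(failure: ET.Element) -> str:
    """Read the severity from the failure's type attribute, falling back to 'Severity: X' in its message."""
    if failure.get("type"):
        return failure.get("type").lower()
    match = re.search(r"Severity:\s*(\w+)", failure.get("message", ""), re.IGNORECASE)
    return match.group(1).lower() if match else "unknown"


def junit_to_sarif(junit_xml: str) -> dict:
    """Convert a JUnit XML document into a SARIF 2.1.0 log: one run, one result per failure."""
    root = ET.fromstring(junit_xml)
    rules: dict[str, dict] = {}
    results = []
    for suite in root.iter("testsuite"):
        for case in suite.iter("testcase"):
            failure = case.find("failure")
            if failure is None:
                continue  # a passed check produces no SARIF result
            name = case.get("name", "Unnamed issue")
            rule_id = rule_id_for(name)
            rules.setdefault(rule_id, {"id": rule_id, "name": name, "shortDescription": {"text": name}})
            severity = severity_of(failure)
            url = case.get("classname") or suite.get("name", "")
            results.append({
                "ruleId": rule_id,
                "level": SEVERITY_TO_LEVEL.get(severity, "warning"),  # unknown severities surface as warnings
                "message": {"text": f"{name} at {url} ({failure.get('message', '')})"},
                # A DAST finding has no source file, so the scanned URL stands in as the artifact location.
                "locations": [{"physicalLocation": {"artifactLocation": {"uri": url}}}],
                "properties": {"severity": severity, "details": (failure.text or "").strip()},
            })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": "Dastardly",
                                "informationUri": "https://portswigger.net/burp/dastardly",
                                "rules": list(rules.values())}},
            "results": results,
        }],
    }


if __name__ == "__main__":
    # Usage: python junit_to_sarif.py report.xml > dastardly.sarif  (no argument: convert the embedded sample)
    source = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_JUNIT
    json.dump(junit_to_sarif(source), sys.stdout, indent=2)
```

Two design points worth keeping if you adapt this: ruleId must be stable across runs, because code scanning uses it to recognise the same finding again rather than opening a fresh alert each time, so derive it from the issue name and not from anything that changes per scan; and passed testcases are dropped rather than emitted as "pass" results, since code scanning only wants findings.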

Usage

Adding the Dastardly SARIF action to a workflow is a single step:

  - uses: chtzvt/dastardly@v1
    with:
      target-url: https://ginandjuice.shop/
      enable-sarif-report: true

Two things to check before enabling the SARIF report. First, uploading SARIF to code scanning requires the job to have the security-events: write permission (and contents: read) in its permissions block; without it the upload is rejected. Second, Dastardly actively scans the target, so only point target-url at sites you own or are authorised to test. The https://ginandjuice.shop/ target above is PortSwigger's deliberately vulnerable demo application.

Inputs

This action accepts the following inputs:

  • target-url: The full URL (including scheme) of the site to scan.

  • enable-junit-report: Whether to enable the JUnit report. When enabled, the report is uploaded as a workflow artifact.

  • enable-sarif-report: Whether to enable the SARIF report. When enabled, the report is uploaded as a code scanning result.

Extra options (you probably don't need to tweak these, but they're helpful for corner cases):

  • output-filename: The filename used for the scan report. The path is interpreted inside the Dastardly container and the file is written to the GitHub workspace (/github/workspace).

  • upload-raw-report: Whether to upload the raw Dastardly JUnit report as an artifact.
