Code scanning

You can display the results of the Meterian analysis directly on your repository on GitHub via the Static Analysis Results Interchange Format (SARIF) report. Here is how it's done with our GitHub action.

Request the generation of a SARIF report from the Meterian GitHub action

uses: MeterianHQ/meterian-github-action@v1.0.17
with:
  cli_args: "--report-sarif=report.sarif"

Upload the report via GitHub's official action upload-sarif

uses: github/codeql-action/upload-sarif@v3
if: success() || failure()
with:
  sarif_file: report.sarif

In the above example, the `if` condition uses the workflow status check functions success() and failure() so that the upload takes place whether the preceding steps passed or failed.

Once the upload is completed, GitHub will create code scanning alerts in your repository using information from the SARIF report we have just uploaded as part of the code scanning experience.

View the results in the Security tab of your repository under the Vulnerability alerts section
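
The two steps above assembled into one complete workflow, as an added example that is not part of the original page or the Meterian project. The workflow name, trigger branch, job id and the secret name `METERIAN_API_TOKEN` are assumptions; the `security-events: write` permission is what `upload-sarif` needs in order to create code scanning alerts.

```yaml
# Added example: complete workflow combining the scan and upload steps.
name: Meterian code scanning        # assumption: any name works
on:
  push:
    branches: [main]                # assumption: adjust to your default branch

# Least-privilege token: read the code, write code scanning results only.
permissions:
  contents: read
  security-events: write            # required by upload-sarif

jobs:
  meterian:                         # assumption: job id is arbitrary
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Meterian scan
        uses: MeterianHQ/meterian-github-action@v1.0.17
        env:
          # Assumption: the Meterian API token is stored as a repository
          # secret under this name; never hard-code it in the workflow.
          METERIAN_API_TOKEN: ${{ secrets.METERIAN_API_TOKEN }}
        with:
          cli_args: "--report-sarif=report.sarif"

      - name: Upload SARIF to GitHub code scanning
        uses: github/codeql-action/upload-sarif@v3
        # Run even when the scan step fails the build, so the findings
        # that caused the failure still reach the Security tab.
        if: success() || failure()
        with:
          sarif_file: report.sarif
```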
