Generate SARIF report for Python libs

mongodb-labs · Jun 4, 2024 · 0883907 · 0883907
1 parent b9672fd
commit 0883907
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/python/publish/action.yml b/python/publish/action.yml
@@ -42,6 +42,11 @@ runs:
         release_version: ${{ inputs.version }}
         filenames: dist/*
         token: ${{ inputs.token }}
+    - name: Generate Sarif Report
+      uses: mongodb-labs/drivers-github-tools/code-scanning-export@v2
+      with:
+        output-file: sarif-report.json
+        ref: ${{ inputs.version }}
     - name: Run publish script
       shell: bash
       run: ${{github.action_path}}/publish.sh

diff --git a/python/publish/publish.sh b/python/publish/publish.sh
@@ -2,6 +2,8 @@
 
 set -eux
 
+mv sarif-report.json $S3_ASSETS
+
 if [ "$DRY_RUN" == "false" ]; then
     echo "Uploading Release Reports"
     TARGET=s3://${AWS_BUCKET}/${PRODUCT_NAME}/${VERSION}