SARIF
How OLYDI emits SARIF and mirrors it into the GitHub Security tab.
SARIF
OLYDI emits findings in SARIF 2.1.0 so they interoperate with the GitHub Security tab and any other SARIF-aware tooling.
Ingest
The CLI writes olydi.sarif by default. The Action uploads the same document to the repository via the code-scanning API.
npx @olydi/cli scan --sarif olydi.sarif
Security-tab mirror
When run through the Action (with security-events: write), findings appear under the repository Security → Code scanning tab. Each finding carries:
- a stable
ruleIdfor the detector, - the file and region the finding applies to,
- a severity level mapped to the SARIF
leveland a security-severity score.
Dedup and fingerprints
OLYDI sets partialFingerprints so the Security tab can track a finding across commits and avoid re-alerting on an unchanged issue. The fingerprint is derived from the rule and a normalised location, not from line numbers alone, so unrelated edits do not reopen a cleared finding.
