This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

supports sarif flag to output the desired format
dani-santos-code committed Jul 8, 2022
1 parent 4ab8f74 commit f58c195
Showing 2 changed files with 11 additions and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -221,7 +221,7 @@ Auditors can also be run individually.
| -m | --minseverity | Set the lowest severity level to report (one of "error", "warning", "info") (default is "info") |
| -e | --exitcode | Exit code to use if there are results with severity of "error". Conventionally, 0 is used for success and all non-zero codes for an error. (default is 2) |
| | --no-color | Don't use colors in the output (default is false) |

| -s | --sarif string | The path to output sarif report to |
## Configuration File

The kubeaudit config can be used for two things:
10 changes: 10 additions & 0 deletions cmd/commands/root.go
Expand Up @@ -12,12 +12,14 @@ import (
"github.com/Shopify/kubeaudit/auditors/all"
"github.com/Shopify/kubeaudit/config"
"github.com/Shopify/kubeaudit/internal/k8sinternal"
"github.com/Shopify/kubeaudit/internal/sarif"
)

var rootConfig rootFlags

type rootFlags struct {
format string
sarifOut string
kubeConfig string
context string
manifest string
Expand Down Expand Up @@ -53,6 +55,7 @@ func init() {
RootCmd.PersistentFlags().StringVarP(&rootConfig.context, "context", "c", "", "The name of the kubeconfig context to use")
RootCmd.PersistentFlags().StringVarP(&rootConfig.minSeverity, "minseverity", "m", "info", "Set the lowest severity level to report (one of \"error\", \"warning\", \"info\")")
RootCmd.PersistentFlags().StringVarP(&rootConfig.format, "format", "p", "pretty", "The output format to use (one of \"pretty\", \"logrus\", \"json\")")
RootCmd.PersistentFlags().StringVarP(&rootConfig.sarifOut, "sarif", "s", "", "The path to output sarif report to")
RootCmd.PersistentFlags().StringVarP(&rootConfig.namespace, "namespace", "n", apiv1.NamespaceAll, "Only audit resources in the specified namespace. Not currently supported in manifest mode.")
RootCmd.PersistentFlags().BoolVarP(&rootConfig.includeGenerated, "includegenerated", "g", false, "Include generated resources in scan (eg. pods generated by deployments).")
RootCmd.PersistentFlags().BoolVar(&rootConfig.noColor, "no-color", false, "Don't produce colored output.")
Expand All @@ -77,6 +80,13 @@ func runAudit(auditable ...kubeaudit.Auditable) func(cmd *cobra.Command, args []
kubeaudit.WithColor(!rootConfig.noColor),
}

if rootConfig.sarifOut != "" {
sarifReport, sarifRun := sarif.CreateSarifReport()
sarif.AddSarifRules(report, sarifRun)
sarif.AddSarifResult(report, sarifRun)
sarifReport.WriteFile(rootConfig.sarifOut)
}

switch rootConfig.format {
case "json":
printOptions = append(printOptions, kubeaudit.WithFormatter(&log.JSONFormatter{}))
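Review bot: The return value of `sarifReport.WriteFile(rootConfig.sarifOut)` is discarded in the new `if rootConfig.sarifOut != ""` block, so an unwritable or mistyped path would leave no SARIF file (or a stale one from an earlier run) while, as far as this hunk shows, the audit carries on to the normal printing path. Assuming WriteFile returns an error, as the go-sarif report type does, check it and fail the run: `if err := sarifReport.WriteFile(rootConfig.sarifOut); err != nil { log.WithError(err).Fatal("Error writing SARIF report") }`. This matters when a CI step uploads the file as the record of findings, because a missing report can then be read as a clean scan. The same check applies to `AddSarifRules` and `AddSarifResult` if they can fail; their signatures, the declaration of `report`, and the start and end of the function returned by runAudit are all outside this hunk.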
