metrics for sarif code security analysis #1332
MFaisalZaki asked this question in Q&A
Hi 👋! Sorry for the late notice! I need to read a bit more about the SARIF format since I'm not too familiar with it. Looking at the report, it should be doable since it's just a JSON to parse, but the question would mostly be how to feed the SARIF file to the action. Like, is it supposed to be pushed as an artifact by the previous job from the current workflow run, or is it expected to provide a file path upon which the action will read the output?
Hello,
I have this SARIF file which I generated using CodeQL analysis. I was hoping to use metrics to provide a status bar showing error and warning message statistics on the repo itself.

lgtm-security-capstone.sarif.zip
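The error and warning statistics asked about above can be computed from a SARIF 2.1.0 log as in the following added example, which is not code from this discussion or from the metrics project. It assumes rules are listed under `tool.driver.rules`, ignores per-invocation rule overrides, and uses a constructed sample log; `effectiveLevel` and `summarizeSarif` are hypothetical names.

```javascript
// Constructed sample: a minimal SARIF 2.1.0 log shaped like analyzer output.
// Rule ids and messages are made up for this example.
const SAMPLE_SARIF = JSON.stringify({
  version: "2.1.0",
  runs: [{
    tool: { driver: { name: "CodeQL", rules: [
      { id: "js/example-error-rule", defaultConfiguration: { level: "error" } },
      { id: "js/example-note-rule", defaultConfiguration: { level: "note" } },
      { id: "js/example-plain-rule" },
    ] } },
    results: [
      { ruleId: "js/example-error-rule", ruleIndex: 0, message: { text: "a" } },
      { ruleId: "js/example-error-rule", ruleIndex: 0, level: "warning", message: { text: "b" } },
      { ruleId: "js/example-note-rule", message: { text: "c" } },
      { ruleId: "js/example-plain-rule", ruleIndex: 2, message: { text: "d" } },
      { ruleId: "js/example-error-rule", ruleIndex: 0, kind: "pass", message: { text: "e" } },
    ],
  }],
});

// Resolve a result's effective level as SARIF 2.1.0 defines it: explicit level,
// else "none" for non-failure kinds, else the rule default, else "warning".
// Results often omit `level`, so counting only result.level undercounts errors.
function effectiveLevel(result, rules) {
  if (result.level) return result.level;
  if (result.kind && result.kind !== "fail") return "none";
  const rule = rules[result.ruleIndex] ?? rules.find((r) => r.id === result.ruleId);
  return rule?.defaultConfiguration?.level ?? "warning";
}

// Count results per level across every run in the log.
function summarizeSarif(text) {
  const log = JSON.parse(text);
  if (!Array.isArray(log.runs)) throw new Error("not a SARIF log: missing runs[]");
  const counts = { error: 0, warning: 0, note: 0, none: 0 };
  for (const run of log.runs) {
    const rules = run.tool?.driver?.rules ?? [];
    for (const result of run.results ?? []) {
      const level = effectiveLevel(result, rules);
      counts[level] = (counts[level] ?? 0) + 1;
    }
  }
  return counts;
}

console.log(summarizeSarif(SAMPLE_SARIF));
```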