SARIF Integration
SARIF (Static Analysis Results Interchange Format) is the standard output format for linters, static analysis, and security scanners — Trivy, Semgrep, CodeQL, ESLint (via formatter), and many others. cdviz-collector send --run testsuiterun_sarif wraps the scan, collects the SARIF report, and emits testSuiteRun.started / testSuiteRun.finished CDEvents so quality gates show up next to your delivery events.
Setup
bash
# SARIF output collected from **/*.sarif after the scan exits
cdviz-collector send --run testsuiterun_sarif \
--metadata "tested_artifact_id=pkg:oci/my-app@sha256:$IMAGE_SHA" \
--url "$CDVIZ_URL" \
--header "Authorization: Bearer $CDVIZ_TOKEN" \
-- trivy image --format sarif --output results.sarif my-app:latest- The built-in glob picks up
**/*.sarifand**/*.sarif.json; pass--data path/to/report.sarifto target a specific file. - Branch, commit, and job name are auto-detected from CI environment variables — see CI auto-detection.
tested_artifact_idlinks the scan to the artifact it analyzed.
Works the same for any SARIF producer:
bash
cdviz-collector send --run testsuiterun_sarif \
--url "$CDVIZ_URL" \
-- semgrep scan --sarif --output=results.sarifRelated
- JUnit Reports and pytest — same pattern for test results
- CI pipelines: GitHub Actions CI, GitLab CI, Jenkins
- Full flag list:
send --runreference