code-scanning-standard 0.0.1.alpha

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7c4920d5be91ba59e4b5c173d219207fa772deef4a4ce9bb561aeaed582bda7e
+  data.tar.gz: 85c878c2bb7eb04877dc4c0bbdfc9752292617f1913791ac2bbbeea3ec7000d8
+SHA512:
+  metadata.gz: 457b75c1ba8c3b33af0ad3592ae7163dbb44f8dec1accb7c0417cc2d50e53079205ed9de2ce3d490685666af0bb422742480e5bd6a4db5b2a5a45d24491fcc2b
+  data.tar.gz: 5edc0dbeeb05d35bee66ec820b9f4feeb6ffa3f176bcb65f8fc259c7c585e907fb33b35d8e0b3065d9126c0385923196fee2e6c3177fba5cdfc482429537f630

data/.github/workflows/ruby.yml

@@ -0,0 +1,23 @@
+name: Ruby
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      run: bundle exec rake

data/.github/workflows/standard-analysis.yml

@@ -0,0 +1,34 @@
+name: "RuboCop"
+
+on: [push]
+
+jobs:
+  rubocop_job:
+    runs-on: ubuntu-latest
+    name: Code Scanning job run
+    strategy:
+      fail-fast: false
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+
+    - name: Install dependencies
+      run: bundle install
+
+    - name: RuboCop run
+      run: |
+        bash -c "
+          bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
+          [[ $? -ne 2 ]]
+        "
+
+    - name: Upload Sarif output
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: rubocop.sarif

data/.gitignore

@@ -0,0 +1,56 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+# .env
+
+# Ignore Byebug command history file.
+.byebug_history
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# Used by RuboCop. Remote config files pulled in from inherit_from directive.
+# .rubocop-https?--*

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,127 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at andrewmcodes\@protonmail\.com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

data/Dockerfile

@@ -0,0 +1,6 @@
+FROM ruby:2.7.1
+
+ARG GITHUB_WORKSPACE
+
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]

data/Gemfile

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in code-scanning-standard.gemspec
+gemspec
+
+gem "minitest", "~> 5.0"
+gem "rake", "~> 13.0"

data/Gemfile.lock

@@ -0,0 +1,47 @@
+PATH
+  remote: .
+  specs:
+    code-scanning-standard (0.0.1.alpha)
+      standard (>= 0.5, < 1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.1)
+    minitest (5.14.2)
+    parallel (1.19.2)
+    parser (2.7.1.4)
+      ast (~> 2.4.1)
+    rainbow (3.0.0)
+    rake (13.0.1)
+    regexp_parser (1.7.1)
+    rexml (3.2.4)
+    rubocop (0.90.0)
+      parallel (~> 1.10)
+      parser (>= 2.7.1.1)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.7)
+      rexml
+      rubocop-ast (>= 0.3.0, < 1.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (0.3.0)
+      parser (>= 2.7.1.4)
+    rubocop-performance (1.8.0)
+      rubocop (>= 0.87.0)
+    ruby-progressbar (1.10.1)
+    standard (0.6.0)
+      rubocop (~> 0.90)
+      rubocop-performance (~> 1.8.0)
+    unicode-display_width (1.7.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  code-scanning-standard!
+  minitest (~> 5.0)
+  rake (~> 13.0)
+
+BUNDLED WITH
+   2.1.4

data/LICENSE

@@ -0,0 +1,21 @@
+# MIT LICENSE
+
+Copyright (c) 2020 Andrew Mason <andrewmcodes@protonmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,99 @@
+# WIP: CodeScanning::Standard
+
+'code-scanning-standard' is a gem to integrate Standard, also known as StandardRB, and GitHub's code scanning feature.
+
+The repository is composed by two components:
+
+1. The gem which can be installed in any Ruby application
+2. A default GitHub action to jumpstart usage
+
+The RubyGem adds a `SARIF` exporter to the Standard runner. GitHub's code scanning feature accepts a `SARIF` file with the 'results' (alerts) generated by the tool.
+
+The action, is what will run Standard with the exporter.
+
+> Note: you can only run the gem within your application, and have our own action that calls Standard.
+
+See more in the Installation and Usage sections.
+
+## Action Installation
+
+The easiest way to install the integration, is this action template below. It will install the gem in your app and run it from you within GitHub's action environment.
+
+To install the action, create a file: `.github/workflows/standard-analysis.yml`.
+
+It should look like:
+
+```yaml
+# .github/workflows/standard-analysis.yml
+name: "Standard"
+
+on: [push]
+
+jobs:
+  standard:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Set up Ruby 2.7.1
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.7.1
+      # This step is not necessary if you add the gem to your Gemfile
+      - name: Install Code Scanning integration
+        run: bundle add code-scanning-standard --skip-install
+      - name: Install dependencies
+        run: bundle install
+      - name: Standard run
+        run: |
+          bash -c "
+            bundle exec standard --require code_scanning --format CodeScanning::SarifFormatter -o standard.sarif
+            [[ $? -ne 2 ]]
+          "
+
+      - name: Upload Sarif output
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: standard.sarif
+```
+
+## Gem installation & usage in a custom action
+
+Note: this is not necessary if you use the action above.
+
+To install the gem add this line to your application's Gemfile:
+
+```ruby
+gem 'code-scanning-standard'
+```
+
+Then, in your custom GitHub's action, you need to run Standard and make sure you give it the `SarifFormatter`:
+
+```bash
+bundle exec standardrb --require code_scanning --format CodeScanning::SarifFormatter -o standard.sarif
+```
+
+As a last step, make sure you upload the `standard.sarif` file to the code-scan integration. That will create the Code Scanning alerts.
+Thus, add this step to your custom Standard workflow:
+
+```yaml
+- name: Upload Sarif output
+  uses: github/codeql-action/upload-sarif@v1
+  with:
+    sarif_file: standard.sarif
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/andrewmcodes/code-scanning-standard. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/andrewmcodes/code-scanning-standard/blob/main/CODE_OF_CONDUCT.md).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Code::Scanning::Rubocop project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/andrewmcodes/code-scanning-standard/blob/main/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+task :generate_rules do
+  require_relative "lib/code_scanning/rules_generator"
+
+  begin
+    output_file = "#{Time.now.strftime('%Y%m%d')}.sarif"
+    puts "Cloning rubocop repository to read manuals"
+    puts
+
+    sh "git clone git@github.com:testdouble/standard.git _tmp"
+
+    gen = QHelpGenerator.new
+    Dir["_tmp/manual/cops_*.md"].each do |f|
+      gen.parse_file(f)
+    end
+    puts
+    puts "Writing rules help sarif to '#{output_file}' file"
+    puts
+    File.write(output_file, gen.sarif_json)
+  ensure
+    sh "rm -rf _tmp"
+  end
+end
+
+task default: :test

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "code_scanning"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/code-scanning-standard.gemspec

@@ -0,0 +1,33 @@
+require_relative "lib/code_scanning/standard/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "code-scanning-standard"
+  spec.version = CodeScanning::Standard::VERSION
+  spec.authors = ["Andrew Mason"]
+  spec.email = %w[andrewmcodes@protonmail.com]
+  spec.summary = "Extra formater to make StandardRB compatible with GitHub's code-scanning feature."
+  spec.description = "This gem adds a SARIF formatter to Standard, so we can export alerts as code scans inside of GitHub."
+  spec.homepage = "https://github.com/andrewmcodes/code-scanning-standard"
+  spec.license = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+
+  spec.metadata = {
+    # "allowed_push_host" => "TODO: Set to 'http://mygemserver.com'"
+    "bug_tracker_uri" => "#{spec.homepage}/issues",
+    "changelog_uri" => "#{spec.homepage}/blob/main/CHANGELOG.md",
+    "documentation_uri" => spec.homepage,
+    "homepage_uri" => spec.homepage,
+    "source_code_uri" => spec.homepage
+  }
+
+  spec.files =
+    Dir.chdir(File.expand_path("..", __FILE__)) do
+      `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+    end
+
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = %w[lib]
+
+  spec.add_dependency "standard", ">= 0.5", "< 1"
+end

data/entrypoint.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -x
+
+cd $GITHUB_WORKSPACE
+
+# Install correct bundler version
+gem install bundler -v "$(grep -A 1 "BUNDLED WITH" Gemfile.lock | tail -n 1)"
+
+bundle add code-scanning-standard --version 0.2.0  --skip-install
+
+bundle install
+bundle exec standard --require code_scanning --format CodeScanning::SarifFormatter -o standard.sarif
+
+if [ ! -f standard.sarif ]; then
+    exit 1
+else
+    exit 0
+fi

data/lib/code_scanning.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require "standard"
+require "rubocop"
+
+module CodeScanning
+end
+
+require_relative "code_scanning/standard/sarif_formatter"

data/lib/code_scanning/rules_generator.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require_relative "../code_scanning"
+
+class QHelpGenerator
+  def initialize
+    @formatter = CodeScanning::SarifFormatter.new(nil)
+  end
+
+  def parse_file(path_to_file)
+    file = File.open(path_to_file)
+    current_rule = nil
+    file.each_with_index do |line, index|
+      # title: skip
+      next if index.zero?
+
+      if line[0..2] == "## "
+        current_cop = line[3..-2]
+        current_rule, _index = @formatter.get_rule(current_cop, nil)
+        next
+      end
+
+      next if current_rule.nil?
+      if line == "\n" && current_rule.help_empty?
+        # Don't start the help text with new lines
+        next
+      end
+
+      current_rule.append_help(line)
+    end
+  end
+
+  def sarif_json
+    @formatter.sarif_json
+  end
+end

data/lib/code_scanning/standard/rule.rb

@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+
+require "pathname"
+
+module CodeScanning
+  class Rule
+    def initialize(cop_name, severity = nil)
+      @cop_name = cop_name
+      @severity = severity.to_s
+      @cop = RuboCop::Cop::Cop.registry.find_by_cop_name(cop_name)
+      @help = StringIO.new
+    end
+
+    def id
+      @cop_name
+    end
+
+    def append_help(line)
+      @help.print(line)
+    end
+
+    def help_empty?
+      @help.size.zero?
+    end
+
+    def ==(other)
+      badge.match?(other.badge)
+    end
+    alias_method :eql?, :==
+
+    def badge
+      @cop.badge
+    end
+
+    def sarif_severity
+      cop_severity = @cop.new.send(:find_severity, nil, @severity)
+      return cop_severity if %w[warning error].include?(cop_severity)
+      return "note" if %w[refactor convention].include?(cop_severity)
+      return "error" if cop_severity == "fatal"
+
+      "none"
+    end
+
+    # The URL for the docs are in this format:
+    # https://docs.rubocop.org/en/stable/cops_layout/#layoutblockendnewline
+    def query_uri
+      kind = badge.department.to_s.downcase
+      full_name = "#{kind}#{badge.cop_name.downcase}"
+      "https://docs.rubocop.org/en/stable/cops_#{kind}/##{full_name}"
+    end
+
+    def to_json(opts = {})
+      to_h.to_json(opts)
+    end
+
+    def cop_config
+      @config ||= RuboCop::ConfigStore.new.for(Pathname.new(Dir.pwd))
+      @cop_config ||= @config.for_cop(@cop.department.to_s)
+        .merge(@config.for_cop(@cop))
+    end
+
+    def to_h
+      properties = {
+        "precision" => "very-high"
+      }
+
+      h = {
+        "id" => @cop_name,
+        "name" => @cop_name,
+        "defaultConfiguration" => {
+          "level" => sarif_severity
+        },
+        "properties" => properties
+      }
+
+      desc = cop_config["Description"]
+      unless desc.nil?
+        h["shortDescription"] = {"text" => desc }
+        h["fullDescription"] = { "text" => desc }
+        properties["description"] = desc
+      end
+
+      unless help_empty?
+        help = @help.string
+        h["help"] = {
+          "text" => help,
+          "markdown" => help
+        }
+        properties["queryURI"] = query_uri if badge.qualified?
+      end
+
+      if badge.qualified?
+        kind = badge.department.to_s
+        properties["tags"] = [kind.downcase]
+      end
+      h
+    end
+  end
+end

data/lib/code_scanning/standard/sarif_formatter.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require "json"
+require_relative "rule"
+
+module CodeScanning
+  class SarifFormatter < RuboCop::Formatter::BaseFormatter
+    def initialize(output, options = {})
+      super
+      @sarif = {
+        "$schema" => "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+        "version" => "2.1.0"
+      }
+      @rules_map = {}
+      @rules = []
+      @results = []
+      @sarif["runs"] = [
+        {
+          "tool" => {
+            "driver" => {"name" => "Standard", "rules" => @rules }
+          },
+          "results" => @results
+        }
+      ]
+    end
+
+    def get_rule(cop_name, severity)
+      r = @rules_map[cop_name]
+      if r.nil?
+        rule = Rule.new(cop_name, severity&.name)
+        r = @rules_map[cop_name] = [rule, @rules.size]
+        @rules << rule
+      end
+
+      r
+    end
+
+    def file_finished(file, offenses)
+      relative_path = RuboCop::PathUtil.relative_path(file)
+
+      offenses.each do |o|
+        rule, rule_index = get_rule(o.cop_name, o.severity)
+        @results << {
+          "ruleId" => rule.id,
+          "ruleIndex" => rule_index,
+          "message" => {
+            "text" => o.message
+          },
+          "locations" => [
+            {
+              "physicalLocation" => {
+                "artifactLocation" => {
+                  "uri" => relative_path,
+                  "uriBaseId" => "%SRCROOT%",
+                  "index" => 0
+                },
+                "region" => {
+                  "startLine" => o.line,
+                  "startColumn" => o.real_column,
+                  "endColumn" => o.last_column
+                }
+              }
+            }
+          ],
+          "partialFingerprints" => {
+            # This will be computed by the upload action for now
+          }
+        }
+      end
+    end
+
+    def finished(_inspected_files)
+      output.print(sarif_json)
+    end
+
+    def sarif_json
+      JSON.pretty_generate(@sarif)
+    end
+  end
+end

data/lib/code_scanning/standard/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module CodeScanning
+  module Standard
+    VERSION = "0.0.1.alpha"
+  end
+end

data/standard-action/action.yml

@@ -0,0 +1,5 @@
+name: "Standard code-scanning"
+description: "Standard and code-scanning integration"
+runs:
+  using: "docker"
+  image: "../Dockerfile"

metadata

@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: code-scanning-standard
+version: !ruby/object:Gem::Version
+  version: 0.0.1.alpha
+platform: ruby
+authors:
+- Andrew Mason
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2020-09-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: standard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1'
+description: This gem adds a SARIF formatter to Standard, so we can export alerts
+  as code scans inside of GitHub.
+email:
+- andrewmcodes@protonmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/ruby.yml"
+- ".github/workflows/standard-analysis.yml"
+- ".gitignore"
+- CODE_OF_CONDUCT.md
+- Dockerfile
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- code-scanning-standard.gemspec
+- entrypoint.sh
+- lib/code_scanning.rb
+- lib/code_scanning/rules_generator.rb
+- lib/code_scanning/standard/rule.rb
+- lib/code_scanning/standard/sarif_formatter.rb
+- lib/code_scanning/standard/version.rb
+- standard-action/action.yml
+homepage: https://github.com/andrewmcodes/code-scanning-standard
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/andrewmcodes/code-scanning-standard/issues
+  changelog_uri: https://github.com/andrewmcodes/code-scanning-standard/blob/main/CHANGELOG.md
+  documentation_uri: https://github.com/andrewmcodes/code-scanning-standard
+  homepage_uri: https://github.com/andrewmcodes/code-scanning-standard
+  source_code_uri: https://github.com/andrewmcodes/code-scanning-standard
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: Extra formater to make StandardRB compatible with GitHub's code-scanning
+  feature.
+test_files: []