@fabasoad/sarif-to-slack 0.1.0

package/.gitattributes

@@ -0,0 +1 @@
+*.json  linguist-language=JSON-with-Comments

package/.github/CODEOWNERS

@@ -0,0 +1 @@
+* @fabasoad

package/.github/FUNDING.yml

@@ -0,0 +1,9 @@
+---
+custom:
+  [
+    "https://www.bitcoinqrcodemaker.com/?style=bitcoin&address=145HwyQAcv4vrzUumJhu7nWGAVBysX9jJH&prefix=on",
+    "https://paypal.me/fabasoad",
+  ]
+github: ["fabasoad"]
+ko_fi: fabasoad
+liberapay: fabasoad

package/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: fabasoad
+
+---
+
+#### Describe the bug
+
+A clear and concise description of what the bug is.
+
+#### Steps to Reproduce
+
+1. Run '...'
+2. See error
+
+#### Expected behavior
+
+A clear and concise description of what you expected to happen.
+
+#### Actual behavior
+
+A clear and concise description of what is happening now.
+
+#### Screenshots
+
+If applicable, add screenshots to help explain your problem.
+
+#### Technical information (please complete the following information)
+
+- OS: [e.g. Windows 10 Enterprise v.1909 (OS Build 18363.720)]
+- `sarif-to-slack-action` version [e.g. 0.1.0]
+
+#### Additional context
+
+Add any other context about the problem here.

package/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,26 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: fabasoad
+
+---
+
+### Is your feature request related to a problem? Please describe
+
+A clear and concise description of what the problem is. Ex. I'm always
+frustrated when [...]
+
+### Describe the solution you'd like
+
+A clear and concise description of what you want to happen.
+
+### Describe alternatives you've considered
+
+A clear and concise description of any alternative solutions or features you've
+considered.
+
+### Additional context
+
+Add any other context or screenshots about the feature request here.

package/.github/dependabot.yml

@@ -0,0 +1,11 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    reviewers:
+      - "fabasoad"
+    labels:
+      - "dependencies"

package/.github/pull_request_template.md

@@ -0,0 +1,59 @@
+<!-- markdownlint-disable-file MD041 -->
+
+## Pull request checklist
+
+Please check if your PR fulfills the following requirements:
+
+- [ ] I have read the [CONTRIBUTING](https://github.com/fabasoad/sarif-to-slack-action/blob/main/CONTRIBUTING.md)
+doc.
+- [ ] Tests for the changes have been added (for bug fixes / features).
+- [ ] Docs have been reviewed and added / updated if needed (for bug fixes / features).
+- [ ] Build (`yarn run build`) was run locally and any changes were pushed.
+- [ ] Tests (`yarn test`) has passed locally and any fixes were made for failures.
+
+## Pull request type
+
+<!-- Please do not submit updates to dependencies unless it fixes an issue. -->
+
+<!-- Please try to limit your pull request to one type, submit multiple pull
+requests if needed. -->
+
+Please check the type of change your PR introduces:
+
+- [ ] Bugfix
+- [ ] Feature
+- [ ] Code style update (formatting, renaming)
+- [ ] Refactoring (no functional changes, no api changes)
+- [ ] Build related changes
+- [ ] Documentation content changes
+- [ ] Other (please describe):
+
+## What is the current behavior
+<!-- Please describe the current behavior that you are modifying, or link to a
+relevant issue. -->
+
+## What is the new behavior
+<!-- Please describe the behavior or changes that are being added by this PR. -->
+
+-
+-
+-
+
+## Does this introduce a breaking change
+
+- [ ] Yes
+- [ ] No
+
+<!-- If this introduces a breaking change, please describe the impact and
+migration path for existing applications below. -->
+
+## Other information
+
+<!-- Any other information that is important to this PR such as screenshots of
+how the component looks before and after the change. -->
+<!-- This document was adapted from the open-source [appium/appium](https://github.com/appium/appium/blob/master/.github/PULL_REQUEST_TEMPLATE.md)
+repository. -->
+
+---
+
+Closes #{IssueNumber}

package/.github/workflows/linting.yml

@@ -0,0 +1,18 @@
+---
+name: Linting
+
+on: # yamllint disable-line rule:truthy
+  pull_request: {}
+  push:
+    branches:
+      - main
+
+jobs:
+  js-lint:
+    name: JS Lint
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-js-lint.yml@main
+  pre-commit:
+    name: Pre-commit
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-pre-commit.yml@main
+    with:
+      skip-hooks: "audit, build, lint, test"

package/.github/workflows/release.yml

@@ -0,0 +1,75 @@
+---
+name: Release
+
+on: # yamllint disable-line rule:truthy
+  workflow_dispatch:
+    inputs:
+      bump-strategy:
+        description: "Type of version bump to apply"
+        required: true
+        default: "patch"
+        type: choice
+        options:
+          - "patch"
+          - "minor"
+          - "major"
+
+jobs:
+  publish:
+    name: Release ${{ github.event.inputs.bump-strategy }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: write
+      packages: write
+    outputs:
+      ref: ${{ steps.metadata.outputs.ref }}
+      ref-name: ${{ steps.metadata.outputs.ref-name }}
+    steps:
+      - name: Checkout ${{ github.repository }}
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: ".tool-versions"
+          cache: "npm"
+          cache-dependency-path: "package-lock.json"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Bump version
+        run: |
+          git config user.email "fabasoad@gmail.com"
+          git config user.name "fabasoad"
+          npm run version:${{ github.event.inputs.bump-strategy }}
+
+      - name: Install jq
+        uses: dcarbone/install-jq-action@v3
+
+      - name: Get metadata
+        id: metadata
+        run: |
+          version=$(jq -r '.version' package.json)
+          echo "ref=refs/tags/v${version}" >> "$GITHUB_OUTPUT"
+          echo "ref-name=v${version}" >> "$GITHUB_OUTPUT"
+
+      - name: Publish to npm registry
+        uses: JS-DevTools/npm-publish@v3
+        with:
+          token: "${{ secrets.NPM_TOKEN }}"
+
+      - name: Publish to GitHub Packages
+        uses: JS-DevTools/npm-publish@v3
+        with:
+          token: "${{ secrets.GITHUB_TOKEN }}"
+          registry: "https://npm.pkg.github.com"
+  github:
+    name: GitHub
+    needs: [publish]
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-github-release.yml@main
+    with:
+      bump-tags: false
+      ref: ${{ needs.publish.outputs.ref }}
+      ref-name: ${{ needs.publish.outputs.ref-name }}

package/.github/workflows/security.yml

@@ -0,0 +1,19 @@
+---
+name: Security
+
+on: # yamllint disable-line rule:truthy
+  pull_request: {}
+  push:
+    branches:
+      - main
+
+jobs:
+  sast:
+    name: SAST
+    permissions:
+      contents: read
+      security-events: write
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-security-sast.yml@main
+    with:
+      code-scanning: true
+      sca: true

package/.github/workflows/sync-labels.yml

@@ -0,0 +1,13 @@
+---
+name: Labels
+
+on: # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - main
+  workflow_dispatch: {}
+
+jobs:
+  maintenance:
+    name: Maintenance
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-sync-labels.yml@main

package/.github/workflows/unit-tests.yml

@@ -0,0 +1,22 @@
+---
+name: Unit Tests
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    paths:
+      - .github/workflows/unit-tests.yml
+      - .tool-versions
+      - jest.config.json
+      - package.json
+      - src/**
+      - tsconfig.json
+  push:
+    branches:
+      - main
+  workflow_dispatch: {}
+
+jobs:
+  jest:
+    name: Jest
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-js-unit-tests.yml@main
+    secrets: inherit # pragma: allowlist secret

package/.github/workflows/update-license.yml

@@ -0,0 +1,12 @@
+---
+name: License
+
+on: # yamllint disable-line rule:truthy
+  schedule:
+    # Every January 1st at 14:00 JST
+    - cron: "0 5 1 1 *"
+
+jobs:
+  maintenance:
+    name: Maintenance
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-update-license.yml@main

package/.markdownlint.yml

@@ -0,0 +1,9 @@
+---
+default: true
+MD013:
+  code_blocks: false
+  tables: false
+MD041: false
+no-inline-html:
+  allowed_elements:
+    - img

package/.markdownlintignore

@@ -0,0 +1 @@
+node_modules

package/.pre-commit-config.yaml

@@ -0,0 +1,105 @@
+---
+default_install_hook_types: ["pre-commit", "pre-push"]
+default_stages: ["pre-commit", "pre-push"]
+exclude: ^(dist/.*|etc/.*|lib/.*|node_modules/.*|temp/.*)$
+minimum_pre_commit_version: 4.0.0
+repos:
+  - repo: local
+    hooks:
+      - id: build
+        name: Build
+        entry: make build
+        language: system
+        pass_filenames: false
+        verbose: true
+        stages: ["pre-push"]
+      - id: lint
+        name: Lint
+        entry: make lint
+        language: system
+        pass_filenames: false
+        verbose: false
+        stages: ["pre-push"]
+      - id: test
+        name: Unit tests
+        entry: make test
+        language: system
+        pass_filenames: false
+        verbose: true
+        stages: ["pre-push"]
+  # Security
+      - id: audit
+        name: NPM audit
+        entry: make audit
+        language: system
+        pass_filenames: false
+        verbose: false
+        stages: ["pre-push"]
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+      - id: detect-secrets
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.27.2
+    hooks:
+      - id: gitleaks
+  - repo: https://github.com/fabasoad/pre-commit-snyk
+    rev: v1.0.2
+    hooks:
+      - id: snyk-test
+        args:
+          - --snyk-args=--all-projects --severity-threshold=low
+          - --hook-args=--log-level debug
+        stages: ["pre-push"]
+  - repo: https://github.com/fabasoad/pre-commit-grype
+    rev: v0.6.3
+    hooks:
+      - id: grype-dir
+        args:
+          - --grype-args=--by-cve --fail-on=low --exclude=**/node_modules
+          - --hook-args=--log-level debug
+        stages: ["pre-push"]
+  - repo: https://github.com/google/osv-scanner
+    rev: v2.0.3
+    hooks:
+      - id: osv-scanner
+        args:
+          - --lockfile=package-lock.json
+        verbose: true
+        stages: ["pre-push"]
+  # Markdown
+  - repo: https://github.com/igorshubovych/markdownlint-cli
+    rev: v0.45.0
+    hooks:
+      - id: markdownlint-fix
+        stages: ["pre-commit"]
+  # Yaml
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.37.1
+    hooks:
+      - id: yamllint
+        stages: ["pre-push"]
+  # GitHub Actions
+  - repo: https://github.com/rhysd/actionlint
+    rev: v1.7.7
+    hooks:
+      - id: actionlint
+        args: ["-pyflakes="]
+        stages: ["pre-commit"]
+  # Other
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-merge-conflict
+      - id: check-json
+        exclude: ^(api-extractor\.json|dist\/tsdoc-metadata\.json)$
+        stages: ["pre-push"]
+      - id: check-toml
+        stages: ["pre-push"]
+      - id: detect-private-key
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+        args: ["--fix=lf"]
+      - id: no-commit-to-branch
+        stages: ["pre-commit"]
+      - id: trailing-whitespace

package/.tool-versions

@@ -0,0 +1 @@
+nodejs 24.3.0

package/.yamllint.yml

@@ -0,0 +1,7 @@
+---
+extends: default
+
+rules:
+  line-length:
+    max: 165
+    level: error

package/CONTRIBUTING.md

@@ -0,0 +1,61 @@
+# Contributing guidance
+
+We love your input! We want to make contributing to this project as easy and
+transparent as possible, whether it's:
+
+- Reporting a bug
+- Discussing the current state of the code
+- Submitting a fix
+- Proposing new features
+- Becoming a maintainer
+
+## We develop with GitHub
+
+We use GitHub to host code, to track issues and feature requests, as well as
+accept pull requests.
+
+## We use GitHub flow, so all code changes happen through pull requests
+
+Pull requests are the best way to propose changes to the codebase (we use
+[GitHub flow](https://guides.github.com/introduction/flow/index.html)). We
+actively welcome your pull requests:
+
+1. Fork the repo and create your branch from `main`.
+2. If you've added code that should be tested, add tests.
+3. If you've changed APIs, update the documentation.
+4. Ensure the test suite passes.
+5. Make sure your code lints.
+6. Issue that pull request!
+
+## Any contributions you make will be under the MIT Software License
+
+In short, when you submit code changes, your submissions are understood to be
+under the same [MIT License](http://choosealicense.com/licenses/mit/) that covers
+the project. Feel free to contact the maintainers if that's a concern.
+
+## Report bugs using [GitHub Issues](https://github.com/fabasoad/sarif-to-slack-action/issues)
+
+We use GitHub issues to track public bugs. Report a bug by opening a new issue.
+It's that easy!
+
+## Create issue using provided GitHub issue templates
+
+This repository has issue templates for bug report and feature request. Please
+use them to create an issue and fill all required fields.
+
+## Use a consistent coding style
+
+Please follow all the rules from [this](https://google.github.io/styleguide/jsguide.html)
+great guide provided by Google for coding style except of following coding styles:
+
+- File names must be all lowercase and may include dashes (-).
+
+## License
+
+By contributing, you agree that your contributions will be licensed under its
+MIT License.
+
+## References
+
+This document was adapted from the open-source contribution guidelines provided
+by [briandk](https://gist.github.com/briandk/3d2e8b3ec8daf5a27a62).

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Yevhen Fabizhevskyi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/Makefile

@@ -0,0 +1,42 @@
+.DEFAULT_GOAL := build
+
+.PHONY: audit
+audit:
+	@npm audit --all
+
+.PHONY: build
+build:
+	@npm run build
+
+.PHONY: clean
+clean:
+	@npm run clean
+
+.PHONY: install
+install:
+	@npm install
+
+.PHONY: reinstall
+reinstall:
+	@make clean
+	@npm run clean:unsafe
+	@make install
+
+.PHONY: lint
+lint:
+	@npm run lint
+
+.PHONY: test
+test:
+	@npm run test
+
+.PHONY: npm/update
+npm/update:
+	@npm update
+
+.PHONY: pre-commit/update
+pre-commit/update:
+	@pre-commit autoupdate
+
+.PHONY: update
+update: npm/update pre-commit/update

package/README.md

@@ -0,0 +1,34 @@
+# SARIF to Slack TypeScript Library
+
+[![Stand With Ukraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://stand-with-ukraine.pp.ua)
+![Releases](https://img.shields.io/github/v/release/fabasoad/sarif-to-slack-action?include_prereleases)
+![unit-tests](https://github.com/fabasoad/sarif-to-slack-action/actions/workflows/unit-tests.yml/badge.svg)
+![security](https://github.com/fabasoad/sarif-to-slack-action/actions/workflows/security.yml/badge.svg)
+![linting](https://github.com/fabasoad/sarif-to-slack-action/actions/workflows/linting.yml/badge.svg)
+[![codecov](https://codecov.io/gh/fabasoad/sarif-to-slack-action/branch/main/graph/badge.svg?token=908QOYME6H)](https://codecov.io/gh/fabasoad/sarif-to-slack-action)
+
+TypeScript library to send results of SARIF file to Slack webhook URL.
+
+## Contents
+
+<!-- TOC -->
+* [SARIF to Slack TypeScript Library](#sarif-to-slack-typescript-library)
+  * [Contents](#contents)
+  * [How to use](#how-to-use)
+  * [Sample](#sample)
+  * [Contributions](#contributions)
+<!-- TOC -->
+
+## How to use
+
+```typescript
+
+```
+
+## Sample
+
+<img alt="Sample" src="sample.png" width="450"/>
+
+## Contributions
+
+![Alt](https://repobeats.axiom.co/api/embed/a0989b54292b5c9e03ce1dd4cb23f68072f88f46.svg "Repobeats analytics image")