This topic explains how to review the results of static analysis with Jtest on GitHub.

Introduction

To display results of static analysis as GitHub code scanning alerts, you need to upload the results to GitHub in the SARIF (Static Analysis Results Interchange Format) format. Parasoft provides a GitHub action that allows you to run  Jtest and automatically generate a SARIF report to be uploaded to GitHub. Alternatively, you can run analysis independently of GitHub and then manually upload the results.

For your convenience, we recommend running analysis and uploading results to GitHub using the GitHub action.

Uploading Results to GitHub with the GitHub Action (Recommended)

Add the  Run Parasoft Jtest action to your GitHub workflow file. The action automatically generates a SARIF report when the workflow executes. The report can then be uploaded to GitHub to enable reviewing the results as GitHub scanning alerts directly in your project. See the details at https://github.com/marketplace/actions/run-parasoft-jtest.

Manually Uploading Results to GitHub

If you want to run analysis outside of your GitHub workflow and manually upload the SARIF report to GitHub, you need to configure the SARIF report format and ensure that your GitHub repository is properly configured with  Jtest settings.

  1. Ensure that the settings for Git are properly configured in the jtestcli.properties. See Connecting to Source Control and Git Source Control Settings for details.

  2. Configure Jtest information about repositories, file paths, and revisions in the Jtest report by setting the report.scontrol option to min or full; see report.scontrol.

  3. Configure Jtest to generate the report in the SARIF format; see report.format.

  4. Upload the SARIF report to GitHub; see GitHub Docs for details.

  • No labels