You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Integrating dotTEST with GitHub allows you to review the results reported by dotTEST as GitHub scanning alerts.

To integrate with GitHub, modify your GitHub workflow to include:

  • The Run Parasoft dotTEST action, which executes  dotTEST and generates a SARIF report.

  • the action to upload the SARIF report.
  • the action to upload artifacts, such as reports in other formats (XML, HTML, etc.) or other files.

Note: Consider the following GitHub limitations regarding SARIF report upload: 

  • The number of results in a SARIF report cannot exceed 5000. Any results over this limit are ignored. Make sure you adjust your rule configuration to limit the number of findings. 
  • The size of a gzip-compressed SARIF report cannot exceed 10 MB.
  • SARIF reports do not support GitHub submodules. Violations raised in the submodules are visible in GitHub’s main repository, but are not matched with their sources, so it is not possible to review them using code snippets on GitHub.

You can find more details and example workflow configuration at https://github.com/marketplace/actions/run-parasoft-dottest.

  • No labels