Merge pull request #45 from grafana/p-zizmor/finding-location-context

ezebunandu · web-flow · commit 8d8aa0c3bc87 · 2025-06-17T15:03:16.000-06:00
periodic zizmor: add finding snippet and line/column location
diff --git a/.github/workflows/periodic-zizmor.yaml b/.github/workflows/periodic-zizmor.yaml
@@ -118,18 +118,27 @@ jobs:
 
           results = []
           for result in sarif_data['runs'][0]['results']:
+              location = result['locations'][0]
+              physical_location = location['physicalLocation']
+              region = physical_location['region']
+              
               item = {
                   'repo': repo,
                   'kind': result['kind'],
                   'level': result['level'],
                   'message': result['message']['text'],
-                  'annotation': result['locations'][0]['logicalLocations'][0]['properties']['symbolic']['annotation'],
-                  'path': result['locations'][0]['logicalLocations'][0]['properties']['symbolic']['key']['Local']['given_path']
+                  'annotation': location['logicalLocations'][0]['properties']['symbolic']['annotation'],
+                  'path': location['logicalLocations'][0]['properties']['symbolic']['key']['Local']['given_path'],
+                  'startLine': region['startLine'],
+                  'endLine': region['endLine'],
+                  'startColumn': region['startColumn'],
+                  'endColumn': region['endColumn'],
+                  'snippet': region['snippet']['text']
               }
               results.append(item)
 
           for item in results:
-              print(f"Periodic zizmor scan finding: repo={item['repo']}, kind={item['kind']}, level={item['level']}, message={item['message']}, annotation={item['annotation']}, path={item['path']}")
+              print(f"Periodic zizmor scan finding: repo={item['repo']}, kind={item['kind']}, level={item['level']}, message={item['message']}, annotation={item['annotation']}, path={item['path']}, snippet={item['snippet']}, startLine={item['startLine']}, endLine={item['endLine']}, startColumn={item['startColumn']}, endColumn={item['endColumn']}")
 
       - name: Upload SARIF results
         uses: actions/github-script@v7
