A tool to manage SARIF files and integrations
Project description
SARIF Manager - NightVision
A simple CLI tool to assist with integrating NightVision DAST output into different providers. It parses SARIF files generated by the NightVision CLI and outputs the results for providers such as Azure DevOps and Slack.
Currently supported providers:
- Azure DevOps
- Slack Notifications
- PDF Report Generation
Roadmap:
- GitLab CI/CD
- Jenkins
Note: GitHub Actions is supported natively by NightVision. See the NightVision documentation.
Installation
pip install sarif-manager
Usage
sarif-manager --help
Example
Azure DevOps
Write logs in a pipeline:
sarif-manager azure write-logs \
example.sarif \
--org nightvision1 \
--project temporary
Create work items:
sarif-manager azure create-work-items \
example.sarif \
--org nightvision1 \
--project temporary
Example Output for `sarif-manager azure create-work-items`
Work item created - SQL Injection - PostgreSQL: https://dev.azure.com/nightvision1/ddb231ed-4bb7-43af-93fb-e3769c5055e6/_workitems/edit/126
Work item created - SQL Injection - PostgreSQL: https://dev.azure.com/nightvision1/ddb231ed-4bb7-43af-93fb-e3769c5055e6/_workitems/edit/127
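The work items above are one record per SARIF result, titled after the rule that fired. The following is an added example (not sarif-manager's own code) of the parsing step that such an integration performs: it walks `runs[].results[]`, joins each result to its rule via `ruleId` to recover the human-readable name and a severity, takes the first location URI, and de-duplicates findings that hit the same rule at the same URL so a re-scan does not open a second ticket. The embedded SARIF document is constructed for the example; its rule ids, URLs and severity scores are assumptions and not NightVision's real output.

```python
"""Added example: SARIF 2.1.0 results -> provider-neutral work-item records.
Not part of sarif-manager; the sample document below is constructed."""
import json
from typing import Any

SEVERITY_ORDER = ["Info", "Low", "Medium", "High", "Critical"]

# Constructed stand-in for a NightVision SARIF file (ids/URLs are illustrative).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "NightVision",
            "rules": [
                {"id": "sqli-postgres", "name": "SQL Injection - PostgreSQL",
                 "properties": {"security-severity": "9.8"}},
                {"id": "missing-hsts", "name": "Missing HSTS Header",
                 "properties": {"security-severity": "3.1"}},
            ],
        }},
        "results": [
            {"ruleId": "sqli-postgres", "level": "error",
             "message": {"text": "Time-based injection in parameter 'id'"},
             "locations": [{"physicalLocation": {"artifactLocation":
                 {"uri": "https://example.com/items?id=1"}}}]},
            {"ruleId": "sqli-postgres", "level": "error",
             "message": {"text": "Error-based injection in parameter 'q'"},
             "locations": [{"physicalLocation": {"artifactLocation":
                 {"uri": "https://example.com/search?q=x"}}}]},
            {"ruleId": "missing-hsts", "level": "note",
             "message": {"text": "Strict-Transport-Security not set"},
             "locations": [{"physicalLocation": {"artifactLocation":
                 {"uri": "https://example.com/"}}}]},
            # Same rule at the same URL as the first result (e.g. a re-scan).
            {"ruleId": "sqli-postgres", "level": "error",
             "message": {"text": "Time-based injection in parameter 'id'"},
             "locations": [{"physicalLocation": {"artifactLocation":
                 {"uri": "https://example.com/items?id=1"}}}]},
        ],
    }],
})


def severity_label(rule: dict[str, Any], level: str) -> str:
    """Prefer the rule's CVSS-style 'security-severity'; fall back to SARIF level."""
    score = rule.get("properties", {}).get("security-severity")
    if score is not None:
        s = float(score)
        if s >= 9.0:
            return "Critical"
        if s >= 7.0:
            return "High"
        if s >= 4.0:
            return "Medium"
        return "Low" if s > 0.0 else "Info"
    return {"error": "High", "warning": "Medium", "note": "Low"}.get(level, "Info")


def result_uri(result: dict[str, Any]) -> str:
    """First artifact URI of a result, or '' when the result has no location."""
    for loc in result.get("locations", []):
        uri = loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri")
        if uri:
            return uri
    return ""


def work_items_from_sarif(sarif_text: str) -> list[dict[str, str]]:
    """Flatten every run's results into work-item records, deduplicated on (rule, URL)."""
    doc = json.loads(sarif_text)
    items: list[dict[str, str]] = []
    seen: set[tuple[str, str]] = set()
    for run in doc.get("runs", []):
        rules = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for result in run.get("results", []):
            rule_id = result.get("ruleId", "")
            rule = rules.get(rule_id, {})
            uri = result_uri(result)
            if (rule_id, uri) in seen:
                continue
            seen.add((rule_id, uri))
            items.append({
                "title": rule.get("name", rule_id),
                "severity": severity_label(rule, result.get("level", "")),
                "url": uri,
                "description": result.get("message", {}).get("text", ""),
            })
    return items


def at_least(items: list[dict[str, str]], minimum: str) -> list[dict[str, str]]:
    """Keep only findings at or above a severity floor (e.g. to gate ticket creation)."""
    floor = SEVERITY_ORDER.index(minimum)
    return [i for i in items if SEVERITY_ORDER.index(i["severity"]) >= floor]


if __name__ == "__main__":
    for item in at_least(work_items_from_sarif(SAMPLE_SARIF), "Low"):
        print(f"Work item - {item['title']} [{item['severity']}]: {item['url']}")
```

Running the block prints three lines, not four: the repeated SQL injection at the same URL is collapsed. Feeding the `at_least(..., "High")` subset to a ticketing API is the usual way to keep low-severity DAST noise out of a sprint board.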
Slack
See the Slack Integration instructions on how to create an app and generate a token.
You can run the command with the token and channel declared as environment variables (recommended):
export SLACK_CHANNEL=channel_id
export SLACK_BOT_TOKEN=my_token
sarif-manager slack send example.sarif
You can attach a PDF report to the Slack message:
sarif-manager slack send example.sarif --attach-pdf
You can also pass the token and channel inline. Note that an inline token is written to your shell history and is visible to other users in the process list, so prefer the environment variables, especially in CI:
sarif-manager slack send \
example.sarif \
--channel <channel_id> \
--token <token_value>
PDF Generation
Generate a PDF report from a SARIF file:
sarif-manager pdf generate example.sarif example.pdf --target-name "Example report" --target-url "https://example.com"
# --target-name and --target-url are optional
sarif-manager pdf generate example.sarif example.pdf
Download files
File details
Details for the file sarif_manager-0.4.2.tar.gz.
File metadata
- Download URL: sarif_manager-0.4.2.tar.gz
- Size: 114.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | acccbdbaaf5fe8d1ed7a438e51356959beb66f40285feae128270ff2cf0b7614 |
| MD5 | b545240776417d1b1c99f792106ca100 |
| BLAKE2b-256 | 0dbec6666775d2eec742dea7728b8bfd6d8de0f826ea28b7012469b8b5200dfa |
Provenance
The following attestation bundles were made for sarif_manager-0.4.2.tar.gz:
Publisher: publish-pypi.yml on NimblerSecurity/sarif-manager
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: sarif_manager-0.4.2.tar.gz
- Subject digest: acccbdbaaf5fe8d1ed7a438e51356959beb66f40285feae128270ff2cf0b7614
- Sigstore transparency entry: 167330672
- Permalink: NimblerSecurity/sarif-manager@3cf32e5ef872bef743e9e045db127b4cf738b470
- Branch / Tag: refs/tags/0.4.2
- Owner: https://github.com/NimblerSecurity
- Access: internal
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish-pypi.yml@3cf32e5ef872bef743e9e045db127b4cf738b470
- Trigger Event: release
File details
Details for the file sarif_manager-0.4.2-py3-none-any.whl.
File metadata
- Download URL: sarif_manager-0.4.2-py3-none-any.whl
- Size: 29.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 04a43f41a32c1ba1ae7364d6d342603de9266ebb56db23eda385b0217ce24716 |
| MD5 | 63e16ebe6ffe07aec26763eff711880c |
| BLAKE2b-256 | c79aaaeb06d358b4ff79618148ffbe35794092c779d1405637d78ea04ee00a49 |
Provenance
The following attestation bundles were made for sarif_manager-0.4.2-py3-none-any.whl:
Publisher: publish-pypi.yml on NimblerSecurity/sarif-manager
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: sarif_manager-0.4.2-py3-none-any.whl
- Subject digest: 04a43f41a32c1ba1ae7364d6d342603de9266ebb56db23eda385b0217ce24716
- Sigstore transparency entry: 167330674
- Permalink: NimblerSecurity/sarif-manager@3cf32e5ef872bef743e9e045db127b4cf738b470
- Branch / Tag: refs/tags/0.4.2
- Owner: https://github.com/NimblerSecurity
- Access: internal
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish-pypi.yml@3cf32e5ef872bef743e9e045db127b4cf738b470
- Trigger Event: release
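The attestation above binds each artifact to its SHA256 digest, and the file-hash tables publish the same digests; the practical check on the consuming side is to compare what you actually downloaded against them and to pin those digests for pip. The block below is an added example (not sarif-manager's own code) that does both: it recomputes SHA256 and BLAKE2b-256 for a local file, reports any algorithm that disagrees with the published value, and emits the `--hash=` line that `pip install --require-hashes` expects. The digests are copied from the two tables on this page; the file paths are assumptions, and MD5 is deliberately left out of the comparison because it is not collision-resistant.

```python
"""Added example: verify a downloaded release file against the digests PyPI
publishes and build a hash-pinned requirements line. Not sarif-manager code."""
import hashlib
from pathlib import Path

# Digests copied from the file-hash tables for sarif-manager 0.4.2 above.
PUBLISHED: dict[str, dict[str, str]] = {
    "sarif_manager-0.4.2.tar.gz": {
        "sha256": "acccbdbaaf5fe8d1ed7a438e51356959beb66f40285feae128270ff2cf0b7614",
        "blake2b_256": "0dbec6666775d2eec742dea7728b8bfd6d8de0f826ea28b7012469b8b5200dfa",
    },
    "sarif_manager-0.4.2-py3-none-any.whl": {
        "sha256": "04a43f41a32c1ba1ae7364d6d342603de9266ebb56db23eda385b0217ce24716",
        "blake2b_256": "c79aaaeb06d358b4ff79618148ffbe35794092c779d1405637d78ea04ee00a49",
    },
}


def digests_of(data: bytes) -> dict[str, str]:
    """SHA256 and BLAKE2b with a 32-byte digest, the two PyPI publishes besides MD5."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "blake2b_256": hashlib.blake2b(data, digest_size=32).hexdigest(),
    }


def mismatches(data: bytes, expected: dict[str, str]) -> list[str]:
    """Names of the algorithms whose digest of `data` differs from `expected`."""
    actual = digests_of(data)
    return [algo for algo, want in expected.items() if actual[algo] != want.lower()]


def verify_file(path: str) -> bool:
    """True only if every published digest for this file name matches its contents."""
    name = Path(path).name
    if name not in PUBLISHED:
        raise ValueError(f"no published digests for {name}")
    return not mismatches(Path(path).read_bytes(), PUBLISHED[name])


def requirements_line(project: str, version: str, files: dict[str, dict[str, str]]) -> str:
    """One requirement with a --hash for each artifact so either sdist or wheel may be used."""
    hashes = " ".join(f"--hash=sha256:{d['sha256']}" for d in files.values())
    return f"{project}=={version} {hashes}"


if __name__ == "__main__":
    # Assumed path: the wheel fetched with `pip download --no-deps sarif-manager==0.4.2`.
    print("wheel ok:", verify_file("sarif_manager-0.4.2-py3-none-any.whl"))
    print(requirements_line("sarif-manager", "0.4.2", PUBLISHED))
```

Put the printed line in a requirements file and install with `pip install --require-hashes -r requirements.txt`; in hash-checking mode pip refuses any file whose digest is not listed, and it also requires every transitive dependency to be pinned with hashes, so generate the full file with a lock tool rather than hand-writing one entry.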