Run the sarif-converter CLI directly from your workflows using this Docker-based GitHub Action. It converts SARIF files to other formats (HTML by default) without installing additional tooling on the runner.
jobs:
convert:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Convert SARIF to HTML
uses: b-zurg/sarif-converter@v1
with:
sarif: reports/scan.sarif
output: reports/scan.html
type: htmlsarif(required): Path to the SARIF source file relative to the repository root.output(required): Output path relative to the repository root. Ensure the parent directory exists.type(optional, defaulthtml): Value passed tosarif-converter --type.image(optional, defaultghcr.io/buzurg/sarif-converter:latest): Container image to run. Override to test a pre-release tag.
Two workflows ship with the repository and demonstrate how to automate publishing.
- Pull requests (
.github/workflows/test.yml): Validates release metadata usingpr-semver-bumpand pushes a preview image taggeddev-pr-<number>for quick testing. The workflow also exercises the published image against a sample SARIF file. - Releases (
.github/workflows/release.yml): When a labeled pull request merges tomain,pr-semver-bumpbumps the semantic version, creates the tag and GitHub release, and publishesghcr.io/<owner>/sarif-converter:latestplus:<version>.
- Label each pull request with
major,minor, orpatchsopr-semver-bumpknows how to increment the semantic version. - Include release notes in the pull request description; they are published with the GitHub release when the pull request merges.
- Preview images are available under
ghcr.io/<owner>/sarif-converter:dev-pr-<number>until the branch merges.
Instructions for running or building the Docker image outside of GitHub Actions live in DOCKER.md.