t.behrendt/tas-actions
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Releases Activity
Files
08622df7ed0b14c6bde79569ebb238da4caee0b4
tas-actions/tas-upload-sarif
History
Timo Behrendt 08622df7ed mvp
2026-02-10 19:18:45 +01:00
..
action.yml
mvp
2026-02-10 19:18:45 +01:00
README.md
mvp
2026-02-10 19:18:45 +01:00

README.md

TAS Upload SARIF

Reusable GitHub Action that uploads a SARIF report to TAS (Tea Advanced Security) and fails the job if the API responds with allowed: false (e.g. new findings above your policy).

Inputs

Input Required Description
tas-base-url Yes Base URL of the TAS API (e.g. https://tas.example.com)
sarif-file Yes Path to the SARIF report file (JSON)
owner No Repository owner (default: github.repository_owner)
repo No Repository name (default: github.event.repository.name)
branch No Branch name (default: github.ref_name)

Usage

- name: Upload SARIF to TAS and gate
  uses: your-org/tas-actions/tas-upload-sarif@v1
  with:
    tas-base-url: 'https://tas.example.com'
    sarif-file: 'results.sarif'

With explicit owner/repo/branch (e.g. for monorepos or custom refs):

- uses: your-org/tas-actions/tas-upload-sarif@v1
  with:
    tas-base-url: ${{ vars.TAS_BASE_URL }}
    sarif-file: 'scan-output.sarif'
    owner: my-org
    repo: my-repo
    branch: ${{ github.head_ref }}

Behavior

  1. POSTs the SARIF file to {tas-base-url}/repos/{owner}/{repo}/branches/{branch}/reports.
  2. On HTTP non-200, the step fails and prints the response body.
  3. On success, reads the JSON response:
    • If allowed is true, the step succeeds.
    • If allowed is false, the step fails and prints reason and the full response (e.g. new_critical, new_high, new_findings).

Requirements

  • GitHub-hosted runners: curl and jq are available by default.
  • Self-hosted runners: ensure curl and jq are installed.
Reference in New Issue View Git Blame Copy Permalink