Merge pull request #8 from accurics/sarif

Updates readme to clarify code scanning support
tenable · Jun 25, 2021 · a549e42 · a549e42
2 parents 4b24816 + 5a49d3f
commit a549e42
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # Terrascan GitHub Action
-This action runs Terrascan, a static code analyzer for infrastructure as code(IaC) security best practices. It supports displaying the results of the scan in the GitHub repository's Security tab, when the `sarif_upload` input variable is set to true.
+This action runs Terrascan, a static code analyzer for infrastructure as code(IaC) security best practices. It supports displaying the results of the scan in the GitHub repository's Security tab under [code scanning alerts](https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning), when the `sarif_upload` input variable is included.
 
 ## Inputs
 ### `iac_type`
@@ -30,7 +30,7 @@ Config file path.
 The action will only warn and not error when violations are found.
 
 ### `sarif_upload`
-If true, a sarif file named terrascan.sarif will be generated with the results of the scan.
+If this variable is included, a sarif file named terrascan.sarif will be generated with the results of the scan.
 
 ## Example usage
 
@@ -64,6 +64,8 @@ jobs:
 
 Using the SARIF output option, the results of the scan will be displayed in the security tab of the repository being scanned. The example below shows how to accomplish this. More information on GitHub code scanning is available [here](https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning#about-third-party-code-scanning-tools).
 
+![Image of code scanning results](code-scanning.png)
+
 ```yaml
 on: [push]
 

diff --git a/code-scanning.png b/code-scanning.png