This danger plugin provides a uniform report format for various tools.
The purpose is a simple to use plugin regardless of the tool used to find issues in your project 🕵️
This plugin was inspired by the work of warnings-ng-plugin 🙇♂️
Bandit Report
| Severity | File | Message |
|---|---|---|
| Low | example/ply/yacc_1.py:2853 | [B403-blacklist] Consider possible security implications associated with pickle module. |
| Medium | example/ply/yacc_2.py:3255 | [B102-exec_used] Use of exec detected. |
| High | example/ply/yacc_3.py:3255 | [B102-exec_used] Use of exec detected. |
Low
[B403-blacklist]
Consider possible security implications associated with pickle module.
$ gem install danger-warningsMethods and attributes from this plugin are available in
your `Dangerfile` under the `warnings` namespace.
# Create a bandit report with default settings.
warnings.report(
parser: :bandit,
file: 'reports/bandit.json'
)# Create a bandit report with a custom name, fails if any high warning exists
# and evaluates all issues (not only the changed files) .
warnings.report(
name: 'My Bandit Report',
parser: :bandit,
file: 'reports/bandit.json',
fail_error: true,
filter: false
)# Define base settings to be applied to all new reporter.
warnings.inline = true
warning.fail_error = true
# Use custom names to separate the table reports in the danger comment.
warnings.report(
name: 'Report 1',
parser: :bandit,
file: 'reports/bandit.json'
# Not necessary because already defined as default.
# inline: true,
# fail_error: true
)
warnings.report(
name: 'Report 2',
parser: :bandit,
file: 'reports/bandit.json'
# Not necessary because already defined as default.
# inline: true,
# fail_error: true
)
warnings.report(
name: 'Report 3',
parser: :bandit,
file: 'reports/bandit.json',
# Override the newly defined default settings only for this reporter.
inline: false,
fail_error: false
)These values apply to all reports.
It is possible to override the values in the report method.
| Field | Default | Description |
|---|---|---|
| warnings.inline | False |
Whether to comment as markdown report or do an inline comment on the file. |
| warnings.filter | True |
Whether to filter and report only for changes (modified, created) files. If this is set to false, all issues of a report are included in the comment. |
| warnings.fail_error | False |
Whether to fail if any High issue is reported. |
The method warnings.report(*args) is the main method of this plugin.
Configure the details of your report using the arguments passed by.
| Parameter | Class | Description |
|---|---|---|
| name | String |
A custom name for this report. If none is given, the parser name is used. Useful to separate different reports using the same common style (e.g. checkstyle). |
| parser | Symbol, String |
Define the parser to evaluate the report file. Must be a key of the supported parser |
| file | String |
Path to the file to read and parse. |
| baseline | String |
Define a baseline for your files. Useful if the report removes a path segment but is required to identify them in the repository. E.g. /src/main/java |
All default fields can be passed as parameters to report.
- inline
- filter
- fail_error
These will override the configuration for this report only.
It is not the responsibility of this plugin to exclude / include files or directories. We will only process the result and present it to you. Something like this belongs to your tool configuration before running it.
Find a list with supported report formats and their parsers.
If your desired parser is not explicitly named, look into your tools documentation - maybe you can format
the report in a different style (and give it a custom name when calling warnings.report).
any file format means that the file is most likely read line by line, so the extension is not important.
Your parser is missing and you cannot export into another format? -> Create an Issue
| Number | Name | ID | File Format | Formatter |
|---|---|---|---|---|
| 1 | Bandit | bandit | json | json |
| 2 | Pylint | pylint | any | parseable |
| 3 | RuboCop | rubocop | json, any | json, simple |