@jscpd/sarif-reporter

SARIF reporter for jscpd — generates Static Analysis Results Interchange Format output for integration with GitHub Code Scanning and other SARIF-compatible tools.

Each detected clone is reported as a warning-level SARIF result with precise file locations (line and column). If the overall duplication percentage exceeds the configured --threshold, an additional error-level result is emitted under the duplications-threshold rule.

Output file: <output-dir>/jscpd-sarif.json

Installation

npm install @jscpd/sarif-reporter

Usage

jscpd --reporters sarif --output ./reports /path/to/source

GitHub Code Scanning integration

Upload the SARIF output to GitHub to surface duplication findings inline in pull requests:

# .github/workflows/jscpd.yml
name: Code duplication check
on: [push, pull_request]

jobs:
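  jscpd:
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # required by upload-sarif to publish results
      contents: read           # required by actions/checkout
      actions: read            # only needed in private repositories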
    steps:
      - uses: actions/checkout@v4

      - name: Run jscpd
        run: npx jscpd --reporters sarif --output ./reports .

      - name: Upload SARIF to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ./reports/jscpd-sarif.json

Results appear in the Security → Code scanning tab of your repository and as inline annotations on pull request diffs.
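The report can also be checked outside GitHub, for example to fail a pipeline step when the duplications-threshold result described above is present. The following is an added example, not code from the jscpd project: it reads only standard SARIF 2.1.0 fields, and `summarizeSarif`, the sample log and the `constructed-clone-rule` id are assumptions made for illustration.

```javascript
// Added example: summarize a parsed SARIF 2.1.0 log such as jscpd-sarif.json.
// Reads runs[].results[] (level, ruleId, message.text, locations[]).
const THRESHOLD_RULE = 'duplications-threshold'; // rule name from this README

function summarizeSarif(log) {
  const summary = { clones: [], thresholdExceeded: false, thresholdMessage: null };
  for (const run of log.runs || []) {
    for (const result of run.results || []) {
      // Simplification: a result without "level" is treated as a warning.
      const level = result.level || 'warning';
      if (level === 'error' && result.ruleId === THRESHOLD_RULE) {
        summary.thresholdExceeded = true;
        summary.thresholdMessage = (result.message && result.message.text) || null;
        continue;
      }
      if (level !== 'warning') continue;
      // One "file:line:column" string per reported location of the clone.
      const where = (result.locations || []).map((loc) => {
        const phys = loc.physicalLocation || {};
        const uri = (phys.artifactLocation || {}).uri || '<unknown>';
        const region = phys.region || {};
        return `${uri}:${region.startLine ?? '?'}:${region.startColumn ?? '?'}`;
      });
      summary.clones.push({ ruleId: result.ruleId || null, where });
    }
  }
  return summary;
}

// Constructed sample input (not real jscpd output); "constructed-clone-rule"
// is a placeholder rule id, the README does not name the clone rule.
const SAMPLE_LOG = {
  version: '2.1.0',
  runs: [{
    tool: { driver: { name: 'jscpd' } },
    results: [
      { ruleId: 'constructed-clone-rule', level: 'warning',
        message: { text: 'constructed clone message' },
        locations: [{ physicalLocation: {
          artifactLocation: { uri: 'src/a.js' },
          region: { startLine: 10, startColumn: 1, endLine: 24, endColumn: 2 } } }] },
      { ruleId: THRESHOLD_RULE, level: 'error',
        message: { text: 'constructed threshold message' } },
    ],
  }],
};
const report = summarizeSarif(SAMPLE_LOG);
console.log(`${report.clones.length} clone(s); threshold exceeded: ${report.thresholdExceeded}`);
for (const clone of report.clones) console.log('  ' + clone.where.join(' <-> '));
```

In a pipeline, pass the function the result of `JSON.parse` on the report file and exit non-zero when `thresholdExceeded` is true.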

License

MIT © Andrey Kucherenko