SARIF reporter for jscpd — generates Static Analysis Results Interchange Format output for integration with GitHub Code Scanning and other SARIF-compatible tools.
Each detected clone is reported as a warning-level SARIF result with precise file locations (line and column). If the overall duplication percentage exceeds the configured --threshold, an additional error-level result is emitted under the duplications-threshold rule.
Output file: <output-dir>/jscpd-sarif.json
npm install @jscpd/sarif-reporterjscpd --reporters sarif --output ./reports /path/to/sourceUpload the SARIF output to GitHub to surface duplication findings inline in pull requests:
# .github/workflows/jscpd.yml
name: Code duplication check
on: [push, pull_request]
jobs:
jscpd:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run jscpd
run: npx jscpd --reporters sarif --output ./reports .
- name: Upload SARIF to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ./reports/jscpd-sarif.jsonResults appear in the Security → Code scanning tab of your repository and as inline annotations on pull request diffs.
MIT © Andrey Kucherenko