SARIF Integration

cloud-audit generates SARIF v2.1.0 output compatible with GitHub Code Scanning.

cloud-audit scan --format sarif --output results.sarif

Upload to GitHub:

- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif

Findings appear in the GitHub Security tab under Code Scanning alerts. Each finding includes severity, description, remediation guidance, and CIS compliance references.