Generate optional SARIF output file
Feature Request
Feature description :
It would be awesome to have the option to output Static Analysis Results Interchange Format / SARIF. This would allow users to then upload this file to GitHub Advanced Security automatically and display the results.
This would work alongside an Action or other CI pipeline to push into GitHub.
Suggested Solution description ( if you have any ) :
Microsoft have a package that could be used called sarif-python-om.
Describe alternatives you've considered :
This might be nice for other standards to support alongside SARIF.
Additional context :
Once this file gets produced, users, teams, and organisations that use terraform-compliance can display results natively in GitHub for developers to see and fix before pushing to production.
This is exactly what I'm looking for, and what other Terraform scanning tools (i.e. TFSec, Checkov, TFLint, TerraScan, etc.) already provide. Is there any ETA when this feature might be made available?
For reference, I've accomplished the same with these other tools, and I want to do the same with Terraform-Compliance: