import_sarif
Ingest external SARIF files to merge security findings into a normalized pipeline for deduplication, baselining, and dashboarding.
Instructions
Ingest an external SARIF file into the normalized finding pipeline.
Lets results from any SARIF-producing tool (Snyk, Veracode, CodeQL, a CI job, etc.) join the same dedup / baseline / dashboard flow as native scans. The findings are re-enriched with AST context and stable hashes on import.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| target_path | Yes | Project root the SARIF results belong to (for caching). | |
| sarif_path | Yes | Path to a SARIF 2.1.0 JSON file. | |
| scanner_name | No | Name to record as the source scanner (default 'external'). | external |
| save | No | Cache the imported findings so compare_baseline / dashboards see them (default True). |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |