HarnessReport converts CI security findings into SARIF, GitHub, and GitLab formats
HarnessReport is an open-source adapter tool that converts HarnessDelta's redacted JSON security findings into three standard CI formats: SARIF 2.1.0, GitHub Actions workflow annotations, and GitLab Code Quality JSON. HarnessDelta detects semantic risks in AI coding-agent configurations such as Codex and Claude Code, while HarnessReport handles only the format conversion without rescanning repositories or reinterpreting findings. The tool maps finding severity levels to native CI equivalents and supports a configurable failure threshold to optionally block pipelines on high-severity results. Version 0.3.0 is MIT licensed, has zero runtime dependencies, runs entirely offline, and passes 14 tests across all supported output formats. The tool is maintained as part of the Nekoautomata Miki open-source portfolio and is available via a Codeberg npm registry.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in