CodeQL

CodeQL can be used to generate a SARIF report, that can be imported into Defect Dojo:

codeql database analyze db python-security-and-quality.qls --sarif-add-snippets --format=sarif-latest --output=security-extended.sarif

The same can be achieved by running the CodeQL GitHub action with the add-snippet property set to true.

Last modified February 5, 2024: Update versions (738dca4)