Conversation

@williambrady
Owner

Summary

  • Add detailed findings output to GitHub Actions console logs for better visibility
  • Each finding displays scanner name, rule ID, file path, and line number
  • Findings are grouped by severity for easier triage

Problem

The GitHub Actions logs only showed summary counts and a brief list of top findings in the step summary. This made it difficult to:

  • Identify which scanner detected each issue
  • Find exact file and line locations
  • Understand the full scope of findings without downloading artifacts

Solution

Added a "Detailed Findings" section in entrypoint.sh that outputs all findings to the console with:

  • [tool] prefix (e.g., [checkov], [gitleaks])
  • Rule ID and title
  • File path and line number
  • Resource name (for IaC findings)
  • Truncated description and remediation guidance

Example output:

--- CRITICAL ---

[gitleaks] github-pat: Secret detected: GitHub Personal Access Token
  Location: .claude/settings.local.json:10
  Remediation: Remove the hardcoded secret and use environment variables...

--- HIGH ---

[trivy] AVD-AWS-0057: IAM policy should avoid use of wildcards
  Location: cloudformation/github-oidc-terraform-state.yaml
  Resource: cloudformation/github-oidc-terraform-state.yaml:171-218

Test plan

  • Run scanner locally and verify detailed output appears
  • Trigger GitHub Actions workflow and check logs for findings details
  • Verify findings are grouped by severity

Previously, the GitHub Actions logs only showed summary counts and top 10
findings in the step summary. This made it difficult to see which scanner
detected each issue and the exact file/line locations.

Changes:
- Add "Detailed Findings" section that outputs all findings to console
- Each finding shows: [tool] rule_id, title, file:line location
- Findings grouped by severity (CRITICAL -> LOW)
- Include resource name for IaC findings
- Include truncated description and remediation guidance
@augmentcode

augmentcode bot commented Jan 12, 2026

🤖 Augment PR Summary

Summary: Adds a “Detailed Findings” section to GitHub Actions logs so all scanner findings are visible in the console, not just counts/top items.
Changes:

  • Reads the generated JSON report and sorts/groups findings by severity.
  • Logs each finding with tool, rule ID/title, file+line, and optional resource/description/remediation (with truncation).
Notes: Uses GitHub Actions log groups (via ::group::/::endgroup::) to keep output collapsible.

@augmentcode augmentcode bot left a comment

Review completed. 2 suggestions posted.

- Use 'INFO' as default severity (matches sort order) instead of 'UNKNOWN'
- Check `line is not None` instead of truthy check to handle line 0
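The output format from the PR description (severity headers, [tool] prefix, Location/Resource/Remediation lines, ::group:: log groups) together with the two review suggestions above, as an added example that is not the project's entrypoint.sh: a Python sketch over a constructed JSON report whose field names (tool, rule_id, severity, file, line, resource, description, remediation) are assumed.

```python
import json

# Severity buckets in print order (CRITICAL -> LOW, then INFO); unlisted sort last.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"]
RANK = {s: i for i, s in enumerate(SEVERITY_ORDER)}

# Constructed sample report (assumed shape {"findings": [...]}), not real scanner output.
SAMPLE_REPORT = json.dumps({"findings": [
    {"tool": "trivy", "rule_id": "AVD-AWS-0057", "severity": "HIGH",
     "title": "IAM policy should avoid use of wildcards",
     "file": "cloudformation/github-oidc-terraform-state.yaml", "line": None,
     "resource": "cloudformation/github-oidc-terraform-state.yaml:171-218"},
    {"tool": "gitleaks", "rule_id": "github-pat", "severity": "CRITICAL",
     "title": "Secret detected: GitHub Personal Access Token",
     "file": ".claude/settings.local.json", "line": 10,
     "remediation": "Remove the hardcoded secret and use environment variables "
                    "or a secrets manager, then rotate the exposed token."},
    {"tool": "checkov", "rule_id": "CKV_EXAMPLE_1", "title": "Unranked rule",
     "file": "main.tf", "line": 0},  # no severity -> INFO; line 0 must still print
]})


def truncate(text, limit=80):
    """Collapse whitespace and cut long free text, marking the cut with '...'."""
    text = " ".join((text or "").split())
    return text if len(text) <= limit else text[: limit - 3] + "..."


def severity(finding):
    """Normalised severity; a missing value defaults to INFO, not UNKNOWN."""
    return str(finding.get("severity") or "INFO").upper()


def format_findings(report_json):
    """Grouped, collapsible GitHub Actions log lines for one JSON report."""
    findings = json.loads(report_json).get("findings", [])
    findings.sort(key=lambda f: RANK.get(severity(f), len(SEVERITY_ORDER)))
    lines, current = ["::group::Detailed Findings"], None
    for f in findings:
        if severity(f) != current:  # new severity bucket -> print its header
            current = severity(f)
            lines.append(f"--- {current} ---")
        lines.append(f"[{f.get('tool', '?')}] {f.get('rule_id', '?')}: {f.get('title', '')}")
        location = f.get("file", "")
        if f.get("line") is not None:  # 'is not None', not truthiness: line 0 is valid
            location += f":{f['line']}"
        lines.append(f"  Location: {location}")
        for key in ("resource", "description", "remediation"):
            if f.get(key):
                lines.append(f"  {key.capitalize()}: {truncate(f[key])}")
    lines.append("::endgroup::")
    return lines
```

Printing the returned lines with "\n".join(...) inside a workflow step gives one collapsible "Detailed Findings" group in the Actions log.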
Collaborator

@ghaworkflow ghaworkflow left a comment

Let's see what this looks like downstream.

@williambrady williambrady merged commit 3825860 into main Jan 12, 2026
5 checks passed
@williambrady williambrady deleted the feature/detailed-findings-output branch January 12, 2026 02:53