[Feature] Support Gitlab SAST report-type

[danniehansen]

We've recently started using audit-ci in our pipelines. For the tool semgrep that we use, they can output a Gitlab SAST compatible reporting format that GitLab can understand and integrate into its UI. Would be really cool to have similar reporting supporting with audit-ci.

I'm more than willing to write this reporter support into the repository if people feel like this could be valuable.

Gitlab SAST reporting schema: https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/sast-report-format.json

[doricci]

I don't know if it can help but for that we are using a separate npm module @elpete/gitlab-npm-audit-parser after the audit.json report is generated.

Maybe it's possible to integrate the parser module directly to the audit-ci module?

[quinnturner]

Hi @doricci, I have two ideas for this:

1. I have a WIP PR [BREAKING] feat: Improved scripting support and TypeScript tests #297 that attempts to improve the programmatic usage of audit-ci vastly. That way, you can use it as a library and pipe the result to any parser you want.
2. With the improvement of its programmatic usage of audit-ci, we could add it as a first-party output format.