Integrate ShellCheck with Vulnetix. Lint shell scripts for bugs and security issues, convert to SARIF, and upload results.
Shell / BashCLI toolSARIF
Install & scan
$ uv run --with shellcheck-py shellcheck --version $ # ShellCheck doesn't output SARIF natively — use JSON + converter uv run --with shellcheck-py shellcheck -f json1 script.sh > shellcheck.json # Or with shellcheck-sarif converter (requires Rust/cargo): # cargo install shellcheck-sarif # shellcheck -f json script.sh | shellcheck-sarif > shellcheck.sarif
Run ShellCheck in CI
Scan on every push and upload the results to Vulnetix:
- name: Run ShellCheck
run: |
pip install shellcheck-py
find . -name '*.sh' -exec shellcheck -f json1 {} + > shellcheck.json
- name: Upload to Vulnetix
run: vulnetix upload --file shellcheck.json
Centralise ShellCheck results in Vulnetix
Upload ShellCheck SARIF output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.