Provide a webhook/HTTP callback for results?

[woodruffw]

This was just a random thought I had: some users might want to integrate the results of this action's workflow run(s) into other alerting systems, like a Slack channel.

Supporting every possible integration would be tedious, so we could instead allow a user to specify a URL that the action would perform an HTTP POST to if one or more vulnerabilities were found. For example:

with:
  webhook: https://some.custom.domain.example.com/pip-audit

Not sure if this is a good idea or not, but wanted to record it.

[felixogg-britned]

It's a great idea, but I am mostly looking to just commit the results to a file in the same github action execution, so it gets tracked as a repo file. I could not work out how to send output in markdown format to a local file.

[woodruffw]

You can currently use outputs.internal-be-careful-ouput for that. That may or may not be idea for your case, however, since that output is the human-readable column format and not JSON.

See:

gh-action-pip-audit/action.yml

Lines 53 to 56 in 1220774

	outputs:
	internal-be-careful-output:
	description: "the column-formatted output from pip-audit, wrapped as base64"
	value: "${{ steps.pip-audit.outputs.output }}"

#4 is a related issue for providing machine-readable outputs.