Sarix Security Verification
Version updated for https://github.com/AvixoSec/sarix to version v0.4.0.
Action Type
This is a Composite action.
Action Summary
Sarix is a security-focused CLI tool designed to enhance code scanning workflows by verifying and contextualizing alerts generated by tools like Semgrep and CodeQL. Its primary functionality includes importing SARIF reports, analyzing source code to validate alerts, reducing noise, and providing evidence-backed verdicts on potential vulnerabilities. By automating the verification process and offering structured insights into security issues, Sarix streamlines code review, reduces false positives, and improves the accuracy and clarity of CI reports.
What’s Changed
Sarix 0.4.0 (formerly CodeSight)
This release completes the rebranding of the project from CodeSight to Sarix to avoid naming collisions and establish a unique identity.
Core changes:
- Renamed the CLI entrypoint to `sarix` (`pip install sarix`).
- Replaced all `CODESIGHT_` environment variables with `SARIX_`.
- Migrated documentation and homepage to sarix.avixosec.xyz.
- Internal logic, verification models, and CI performance remain completely unchanged.
Migration:
If you have codesight in your CI pipelines, simply replace the package name and command with sarix. No architectural changes are required.