PLAT-15858 Update documentation and remove language detection code (#248)

* Normalizes CodeQL tool driver name matching

Ensures that the CodeQL tool driver name is correctly overwritten to 'GitHub CodeQL' regardless of case or surrounding whitespace.

Updates the logic to trim and lowercase the tool driver name before comparing it to "codeql", handling variations in casing and spacing.
Also adds unit tests to verify the fix works for different cases.

* Bump dependency versions

* More updates

* Remove unused github token

* Minor updates to README

---------

Co-authored-by: Colin Wong <[email protected]>

Author: jholden-scw

README.md

@@ -1,10 +1,39 @@
-# GitHub Action
+# Secure Code Warrior SARIF Processing Tool
 
-This GitHub Action adds Secure Code Warrior contextual application security training material to SARIF files. This training material will be displayed within Code Scanning alerts if the resulting SARIF file is imported using the `github/codeql-action/upload-sarif` Action, and includes links to secure coding exercises and short explainer videos where available.
+## Overview
 
-This Action currently supports adding training material based on CWE references (e.g. CWE 89) and common vulnerability phrases (e.g. use-after-free vulnerability) included in static analysis findings.
+This tool processes SARIF (Static Analysis Results Interchange Format) files, typically generated by static code analysis tools like CodeQL, and can be run as a GitHub Action or as a standalone CLI tool.
+It adds Secure Code Warrior contextual application security training material to SARIF files.
+This training material will be displayed within Code Scanning alerts if the resulting SARIF file is imported using the `github/codeql-action/upload-sarif` Action, and includes links to secure coding exercises and short explainer videos where available.
+This tool currently supports adding training material based on CWE references (e.g. CWE 89) and common vulnerability phrases (e.g. use-after-free vulnerability) included in static analysis findings.
 
-## Usage
+### Key Features
+
+- **Integration of Secure Code Warrior Training Material:**
+
+  The tool enriches SARIF files by adding **Secure Code Warrior** contextual application security training content. When the resulting SARIF file is imported using the [`github/codeql-action/upload-sarif`](https://github.com/github/codeql-action) GitHub Action, this training material is displayed directly within Code Scanning alerts.
+
+  The added content includes links to:
+
+    - Secure coding exercises
+    - Short explainer videos (where available)
+
+  Currently, the tool supports adding training materials based on:
+
+  - CWE references (e.g., CWE-89)
+  - Common vulnerability phrases (e.g., use-after-free vulnerability)
+
+  These are extracted from static analysis findings to provide relevant, actionable learning resources alongside detected vulnerabilities.
+
+- **Flexible File Input:**
+  Supports glob and wildcard patterns for input files, allowing batch processing of SARIF files in a directory, recursively, or by matching specific patterns.
+
+- **Robust Output Handling:**
+  Outputs processed SARIF results to specified filenames, with support for file overwriting and verification of output file patterns.
+
+---
+
+## Usage - GitHub Actions
 
 ### Individual SARIF file
 
@@ -34,7 +63,6 @@ This Action currently supports adding training material based on CWE references
         with:
           inputSarifFile: sarif/findings.sarif
           outputSarifFile: sarif/findings.processed.sarif
-          githubToken: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Import Results
         uses: github/codeql-action/upload-sarif@v3
@@ -60,7 +88,6 @@ This Action currently supports adding training material based on CWE references
         with:
           inputSarifFile: ./sarifs/*.json
           outputSarifFile: ./processed-sarifs
-          githubToken: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Import Results
         uses: github/codeql-action/upload-sarif@v3
@@ -86,24 +113,51 @@ This Action currently supports adding training material based on CWE references
         with:
           inputSarifFile: ./sarifs
           outputSarifFile: ./processed-sarifs
-          githubToken: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Import Results
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ./processed-sarifs
 ```
 
-## Inputs
+### Inputs
 
-### `inputSarifFile`
+#### `inputSarifFile`
 
 The SARIF file(s) to add Secure Code Warrior contextual training material to. This can be a path to a single file (e.g. `./findings.sarif`), a glob path (e.g. `./scans/**/*.sarif`) or a directory (d.g. `./scans`), in which case all `.sarif` files recursively in the specified directory will be processed. **Default value:** `./findings.sarif`
 
-### `outputSarifFile`
+#### `outputSarifFile`
 
 The output path of the resulting SARIF file(s) with Secure Code Warrior contextual training material appended. If a glob path or a directory was provided as the `inputSarifFile` input then the resulting SARIF files will be output to the `./processed-sarifs` directory, which can then simply be the path provided in the `sarif_file` input of the `github/codeql-action/upload-sarif` action. **Default value:** `./findings.processed.sarif`
 
-### `githubToken` (optional)
+## Usage - Command line
+
+This GitHub Action can also be run in CLI mode, to enable integration with other CI tools e.g. [Jenkins](https://www.jenkins.io/)
 
-Provide `${{ secrets.GITHUB_TOKEN }}` to use the GitHub access token automatically supplied by GitHub Workflows. This enables language-specific training links to be generated (where available) by fetching the repository language from the GitHub API.
+### Syntax
+```bash
+node clilauncher.js <input-pattern> <output-file>
+```
+  - input-pattern: Path to the SARIF file(s) you want to process. Supports:
+    - Exact file path
+    - Wildcard patterns (e.g., *.sarif)
+    - Recursive globstars (e.g., **/*.sarif)
+  - output-file: File path where the processed SARIF results will be saved.
+
+**Important:**
+  - Globstar and wildcard patterns should be enclosed in quotes to prevent the shell from expanding them prematurely.
+  - If a globstar pattern is used, the default output dir will be `./processed-sarifs`.  Otherwise, files will be output to the root directory.
+
+### Examples
+
+| Scenario                            | Command Example                                                                 |
+|-----------------------------------|---------------------------------------------------------------------------------|
+| Process a single specific file     | `node clilauncher.js ./sarifs/testInput.sarif findings.processed.sarif`         |
+| Process all SARIF files in a folder| `node clilauncher.js './sarifs/*.sarif' findings.processed.sarif`         |
+| Process all SARIF files recursively| `node clilauncher.js './sarifs/**/*.sarif' findings.processed.sarif`      |
+| Process files with filename prefix | `node clilauncher.js './sarifs/test*.sarif' findings.processed.sarif`     |
+| Process files with suffix          | `node clilauncher.js './sarifs/*Input.sarif' findings.processed.sarif`    |
+| Single-character wildcard match    | `node clilauncher.js './sarifs/test?.sarif' findings.processed.sarif`     |
+| Character set wildcard match       | `node clilauncher.js './sarifs/test[0-9].sarif' findings.processed.sarif` |
+| Directory wildcard match           | `node clilauncher.js './sarifs/*' findings.processed.sarif`               |
+| Deep nested glob matching          | `node clilauncher.js './sarifs/**/**/*.sarif' findings.processed.sarif`   |

action.yml

@@ -13,9 +13,6 @@ inputs:
     description: 'Relative destination location for processed SARIF file(s)'
     required: true
     default: './findings.processed.sarif'
-  githubToken:
-    description: 'Provide `secrets.GITHUB_TOKEN` to use the GitHub access token automatically supplied by GitHub Workflows'
-    required: false
 runs:
   using: 'node20'
   main: 'dist/index.js'