feat(docs): Add SARIF integration instructions

Closes #45

Author: jubnzv

docs/tutorial/ci-cd.md

@@ -16,7 +16,8 @@ It could be located at e.g., `.github/workflows/ci.yml`.
 
 **3. Add the step to run Misti to your YAML file**
 
-For example:
+<details>
+<summary>Example GitHub Actions configuration</summary>
 
 ```yaml
 name: CI
@@ -60,6 +61,8 @@ jobs:
         run: yarn misti --min-severity medium /path/to/your/tact.config.json
 ```
 
+</details>
+
 The `yarn misti --min-severity medium /path/to/your/tact.config.json` command will run Misti against your project. If Misti detects any issues that are not suppressed by your configuration, it will return a non-zero exit code, causing the CI pipeline to fail.
 
 The `--min-severity medium` will filter out low-priority warnings. You can always run Misti with all the detectors enabled locally in order to get the most comprehensive warnings output: `yarn misti --all-detectors /path/to/your/tact.config.json`
@@ -68,6 +71,88 @@ The `--min-severity medium` will filter out low-priority warnings. You can alway
 
 If you find that Misti is too noisy (e.g., detecting issues that are not relevant to your project), you can adjust your Misti configuration file to suppress those warnings. Refer to the [Configuration](./configuration) section for more details on how to customize your settings.
 
+### Using SARIF and GitHub Actions
+Additionally, it is possible to integrate Misti with GitHub Actions code scanning using the SARIF output format. After this, the issues found by Misti will be shown in the PR like this:
+
+![CFG Example](/img/misti-sarif.png)
+
+To implement this, adjust the previous GitHub Actions with the following:
+1. Add `--output-format sarif` and `-O /tmp/misti` to the Misti execution command
+2. Add the following commands at the top of your file:
+```yaml
+permissions:
+  security-events: write
+  actions: read
+  contents: read
+```
+3. Add the following action after executing Misti:
+```yaml
+- name: Upload SARIF results
+  uses: github/codeql-action/upload-sarif@v3
+  with:
+    sarif_file: /tmp/misti/warnings.sarif
+    category: misti-security-analysis
+```
+
+<details>
+<summary>Updated GitHub Actions configuration</summary>
+
+```yaml
+name: CI
+
+permissions:
+  security-events: write
+  actions: read
+  contents: read
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  workflow_dispatch:
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version: [22]
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Install Soufflé on Ubuntu
+        if: matrix.os == 'ubuntu-latest'
+        run: |
+          sudo wget https://souffle-lang.github.io/ppa/souffle-key.public -O /usr/share/keyrings/souffle-archive-keyring.gpg
+          echo "deb [signed-by=/usr/share/keyrings/souffle-archive-keyring.gpg] https://souffle-lang.github.io/ppa/ubuntu/ stable main" | sudo tee /etc/apt/sources.list.d/souffle.list
+          sudo apt update
+          sudo apt install souffle
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Install dependencies
+        run: yarn install
+
+      - name: Run Misti
+        run: yarn misti --min-severity medium -o sarif -O /tmp/misti /path/to/your/tact.config.json
+
+      - name: Upload SARIF results
+        uses: github/codeql-action/upload-sarif@v3
+        if: always() && hashFiles('/tmp/misti/warnings.sarif') != ''
+        with:
+          sarif_file: /tmp/misti/warnings.sarif
+          category: misti-security-analysis
+```
+
+</details>
+
 ## Integration with Blueprint Projects
 To add Misti to the CI for your Blueprint project, follow these steps:
 1. [Install `blueprint-misti`](./blueprint.md).