-
When outputting a `trivy-results.sarif` file, it has root:root permissions, which is likely because the Docker container that executes Trivy is running as root.
Steps:
```yaml
- name: Run T…
-
* [x] Is this related to the `actions-rs` Actions?
If you think it's a problem related to GitHub Actions in general, use the GitHub Community forum instead: https://github.community
* [x] You'v…
-
Hello,
In the Roslyn Sarif reports the file locations for source generator code are not pointing to the right location on disk, even if `EmitCompilerGeneratedFiles` is set to true.
In SonarSourc…
-
# TL;DR
When you're facing this issue in a private repository, please add
```yaml
permissions:
actions: read
```
to your workflow, or wait until this PR gets merged:
```[tasklist]
### Fixed …
-
Please add support for outputting [SARIF (Static Analysis Results Interchange Format) information](https://github.com/microsoft/sarif-tutorials).
This would help integrate nitpick into other tools, a…
-
Running the results in an action workflow still only brings back the current default vulnerabilities. I have a test scan that has 44 vulns in the PR prior to the first merge. The resulting report shows …
-
As in title. Related to #6.
Currently there is no real visual cue when a validation has been performed - which makes it confusing... users have to figure out to open the SARIF viewer themselves - a…
-
Hi,
I am trying to run Pyre on a private repo.
But I get this error: `Error: repository not enabled for code scanning`
I tried to enable code scanning, but it is not that easy:
![image](htt…
-
Cheeky feature request - could support for JSON or SARIF be added for output? This would allow for easier consumption in continuous integration, and similarly vulnerability management tools
Json e…
-
You can [Upload a SARIF file to GitHub](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github), and in #71 we added a SARIF output form…