-
The input `skip-setup-trivy` seems to have been removed...
```
Warning: Unexpected input(s) 'skip-setup-trivy', valid inputs are ['scan-type', 'image-ref', 'input', 'scan-ref', 'exit-code', 'ignor…
```
-
#633 renamed the SARIF 2.1.0 schema.
Something renamed the default branch from `master` to `main`.
I was linking to the file in order to generate my JSON which enables JSON validators to be happ…
-
Hi, I added the Microsoft Security DevOps task and installed SARIF SAST Scans Tab. I can see the artifacts that are getting generated with the extension msdo.sarif, but I am not seeing any output in the Scan…
-
For the next major release of SARIF the underlying name should be changed from **Static Analysis Report Interchange Format** to **Systematic Analysis Report Interchange Format**. This would better ref…
-
https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/sarif-support-for-code-scanning
-
I'm attempting to scan an image on a GHES 3.12 with an action runner in a Docker container using @myoung34's container https://github.com/myoung34/docker-github-actions-runner.
When specifying sarif fo…
-
**Is your feature request related to a problem? Please describe.**
Creating a comment every time a commit is pushed to a PR is a non-starter for us. We would prefer to just upload the vulns to GHAS…
-
Hi,
I'm trying to set up a basic code analysis in my CI on my project.
I set up CodeQL for Ubuntu, worked first time.
I tried to set up the same for Windows using this:
https://devblogs.mi…
-
The README states:
- Display issues with their severity as a SARIF Report in the GitHub Workspace after a scan completes.
I was hoping that meant the violation report would get uploaded and impo…
-
Similar to `actions/upload-artifact`, `upload-sarif` should allow uploading multiple SARIF files. Pattern matching from `upload-artifact` should be great too.