-
Since recently we get the following error messages on SARIF upload in https://github.com/metabrainz/picard/ :
```
Error: Code Scanning could not process the submitted SARIF file:
rejecting SARIF,…
-
Earlier it used to work fine
# Pipeline
```
checkov_scan:
runs-on: ubuntu-latest
steps:
- name: "Checkout"
uses: actions/checkout@master
- name: Run Checkov act…
-
Hi, is it in the roadmap to make PHP_CodeSniffer provide [SARIF](https://sarifweb.azurewebsites.net/) output ? (SARIF is the OASIS common format for all analysis tools )
It would help improve its […
-
**Is your feature request related to a problem? Please describe.**
There were no options to export the consolidated report of the project within Microsoft Visual Code. The report will help in so many…
-
I'd like to better understand if the SARIF output format would work well with SCA tooling. For example, the various tooling that integrate Sonatype's OSSIndex. Is there an example SARIF output for suc…
-
https://github.com/facebookresearch/demucs
-
This is IMHO better approach than producing the SARIF report. Mostly because SARIF is meant for reporting of static analysis of the code and tests aren't such thing. Using Workflow Commands should be …
-
1. Run `go run . confluence --url 'https://checkmarx.atlassian.net/wiki' --report-path results.sarif`
2. Go to the [Sarif Viewer](https://microsoft.github.io/sarif-web-component/)
3. Check the "loca…
-
**Is your feature request related to a problem? Please describe.**
I want to import data of Talisman into my vulnerability aggregation tool OWASP DefectDojo.
Talisman doesn't seems to generate repor…
-
**Describe the bug**
In SARIF report output, the "ruleId" for NPM findings is just a number. That make it hard to understand what database to look that number up in, adding the NPM- prefix would make…