-
I'm not even sure if `Finding2` should have an `Entity`. I think that it would be great to make `Finding2` serializable somehow (JSON, SARIF...). And `Entity` has a reference to a `KtElement` and tha…
-
For example, this part of the code for a GitHub Action sends the scan result to the GH Security tab of your repo.
```
- name: Upload Trivy scan results to GitHub Security tab
  uses: github/codeql-action/uplo…
```
-
## Expected Behavior
I would like to use the Markdown Report (#4858) in projects with multiple modules.
For this, I would like to extend the ReportMergeTask to work also with markdown files. Sa…
-
The deserialization hints on the autogenerated `Result.Level` property:
```
[DefaultValue(FailureLevel.Warning)]
[JsonProperty(DefaultValueHandling = DefaultValueHandling.IgnoreAn…
```
-
Download the latest code, and remove `implementation project(':library')` in `app/build.gradle`; and copy `checks.jar` to /tmp
```
osboxes# export JAVA_HOME=/usr/lib/jvm/adoptopenjdk-11-hotspot-am…
```
-
This was originally reported in the megalinter repository, thinking the problem was there. I am copying the link where the problem with this particular linter is detailed:
https://github.com/oxsecurity/megalinter/…
-
Add the option to change the output of the report from the gitleaks scan.
I think it's useful to have SARIF as the default, as GitHub Actions can upload this for code scanning.
Please see PR #34 for…
-
Hi,
It would be nice if the Clang Static Analyzer workflow output was uploaded to GitHub in SARIF format.
See here: https://docs.github.com/en/code-security/code-scanning/integrating-with-code-sca…
-
Starting this morning, we started seeing the following in our github actions workflows:
checkov -d . --output sarif --soft-fail --download-external-modules true
Error: -16 …
-
I'm trying to run `dfetch check --jenkins_json jenkins.json` but when user credentials are required it waits indefinitely for user input.
I would like to have a user flag `--non-interactive` or as…