-
It will be nice to have SARIF file support as the output of the scan.
I do not mean changing the current JSON output generated but adding a flag that would also create a SARIF file with results.
S…
-
Any interest in adding support for SARIF (Static Analysis Results Interchange Format) output: ?
-
## Currently
The sarif report includes the clj-watson version:
```json
{
  "$schema" : "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
  "version" : "2.1.0",
  "ru…
```
lread updated
2 weeks ago
-
[OASIS Static Analysis Results Interchange Format](https://www.oasis-open.org/committees/sarif/) is a newish standardization format for analysis tools.
It would be great if typos can support output…
-
It would be nice to present people results from the analysis including the relation to other related jobs (like SRPM/RPM) build.
This would most probably require a reporting mechanism to be imple…
-
Popping up the SARIF viewer after each commit is very intrusive. Make this optional or add a flag to disable this behavior.
-
My issue seems to be similar to this [previous one](https://github.com/microsoft/sarif-sdk/issues/2694).
I am using the [trivy open source security scanner](https://github.com/aquasecurity/trivy-ac…
-
Hello, I can't scan a private image that is stored in ghcr.io.
I've verified the credentials.
Here is the pipeline:
```yaml
name: Deploy to dev env
on:
  push:
    branches: ["dev"]
…
```
-
["3.11.6 Messages with embedded links"](https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790717) has:
```
link destination = ? Any valid URI…
```
-
We should add some remediation guidance to the OSV-Scanner SARIF output to let users know to remediate their vulnerabilities.
- Upgrade the vulnerable dependencies (in the future, point to #352).
…