-
Hi, I added Microsoft Security DevOps task and installed SARIF SAST Scans Tab. I can see the artifacts that are getting generated with the extension msdo.sarif but I am not seeing any output in the Scan…
-
See #101 -- in order to report a false positive, a user needs the `cpe`, which means `clj-watson` needs to report that.
I don't know what this would look like in JSON or EDN (or Sarif?) but maybe t…
-
Trying to run https://github.com/nextcloud/server/pull/37390 results in error messages like this one when uploading the report:
```log
{
"property": "instance.runs[0].results[71].locations[0]…
```
-
When I run a static analysis build with the old viewer, it auto opens the SARIF viewer and populates it with the SARIF outputs from that build.
Now when I run the static analysis build, nothing hap…
-
The README states:
- Display issues with their severity as a SARIF Report in the GitHub Workspace after a scan completes.
I was hoping that meant the violation report would get uploaded and impo…
-
Currently the SARIF output includes a pseudo path to `osv-scanner.toml` which is always Unix based even on Windows:
https://github.com/google/osv-scanner/blob/a2c1602cf10816b5ff81d9e03572ba11dbb15a…
-
https://github.com/nvuillam/node-sarif-builder/blob/2682b619b87130190c1511ef60b1d2310659e5f3/src/lib/sarif-rule-builder.ts#L10-L21
This is basically the same issue as my previous one (#55), only th…
-
# eslint-results.sarif
https://www.npmjs.com/package/@microsoft/eslint-formatter-sarif
https://npmmirror.com/package/@microsoft/eslint-formatter-sarif
https://github.com/eslint/eslint/issue…
-
It seems like a file uri reference like this:
`file:///d:/sarif/demo.c`
does not work.
This is the correct format according to https://datatracker.ietf.org/doc/html/rfc8089
and is also exemplified…
-
In our project we are doing many SARIF scans: trivy + hadolint for every container we are going to build.
All SARIF files end up in CodeAnalysisLogs with their respective name e.g. hadolint-{conta…