-
We're using "Android Lint" to generate a SARIF file. The SARIF locations use this pattern:
```
"originalUriBaseIds": {
"%SRCROOT%": {
"uri": "file…
```
-
When running Kics as docker as part of a workflow (and not using the kics GitHub action), the SARIF output and the "artifactLocation" are all relative to the docker volume mounting point.
For example, when…
-
**Is your feature request related to a problem? Please describe.**
See https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning
-
Hello,
I'm trying to construct a scan step with Trivy action and have faced an issue when the action uses `exit-code` when no intended severities are found because by default SARIF format enforces …
-
This is a follow up on https://github.com/packit/packit/discussions/2371#discussioncomment-10474198
We should add two separate configuration options to cause CI to fail on scan failures and new fin…
-
We are currently running Trivy with the latest version:
```yaml
name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 #0.19.0
with:
ima…
```
-
I have recently been integrating both CppCheck and PVS-Studio into Azure DevOps Pipelines.
For CppCheck, I am using the Sarif.Multitool to generate SARIF reports from cppcheck xml results files. I…
-
# Situation
In `SarifV1JSONImporter` the vulnerability description field is set to an empty String (""). This was implemented analogously to the `CheckmarxV1XMLImporter`, because of unwanted html-tags in Ch…
-
Application Inspector does not generate code flow results but CodeQL does. The Sarif Viewer should support viewing codeflow results when they are present.
-
**Describe the bug**
```
Currently when attempting to convert a seemingly valid XCCDF file from oscap-docker, an error occurs. This happens on 1.4.15 of saf
/ # saf convert hdf2csv -i openscap-r…
```