-
Hi,
We encountered an issue with github's action 'scan_and_push_container_images_to_registries'
at the 'Convert Container Scan Report to SARIF' step, here's is the ouput:
"
Run rm3l/container-scan…
-
Is there any chance for SARIF support (SARIF-compatible output file)? That would allow to use `github/codeql-action/upload-sarif@v1` in workflows, e.g.:
```
- name: Upload SARIF report
uses: gi…
-
**Is your feature request related to a problem? Please describe.**
In order to allow importing polaris reports into other different tools, it should provide a way to export reports to [SARIF format](…
-
For the next major release of SARIF the underlying name should be changed from **Static Analysis Report Interchange Format** to **Systematic Analysis Report Interchange Format**. This would better ref…
-
**User story.**
As a Developer, I would like to get issues displayed in Sonarqube if my openapi spec does not apply to the provided spectral ruleset.
**Is your feature request related to a problem?*…
-
### What kind of request is this?
New feature
### What is your request or suggestion?
Today, copa supports trivy json as the input. We should also support [`sarif`](https://docs.oasis-open.or…
-
## Motivation
Having the security scan action integrated with GitHub's security tab will give security issues found by the scan more visibility, and let maintainers deal with security advisories an…
-
ZAP Scans, since using the Github Action, now generate artifacts in `html, md and json` formatting. Attempting to follow [ZAP Automation](https://www.zaproxy.org/docs/automate/), specifically [automat…
-
Is it possible to make Trivy write the invocation [`startTimeUtc` and `endTimeUtc`](https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317574) properties to the SARIF output …
-
I'm looking at ways go improve _engagement_ (around security) and one way is to involve my devs a little more in _everything security_.
Currently the results of a scan (can) go to the GitHub securi…
harmw updated
2 weeks ago