-
Integrating flawfinder in my GitHub repo I reviewed a .sarif report generated, that has the following entry:
```
{
"$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5…
```
-
Is it possible to make Trivy write the invocation [`startTimeUtc` and `endTimeUtc`](https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317574) properties to the SARIF output …
-
### 🐛 Describe the bug
```python
import torch
import torchaudio
from torch import nn

class DataCov(nn.Module):
    def __init__(self):
        super(DataCov, self).__init__()
        self.transform…
```
-
I am trying to use fortify/github-action/ssc-export@v1 task to download Fortify latest scan results and publish the same on to GitHub advanced Security Dashboard.
Error: Action failed with error: E…
-
**Describe the bug**
GitLeaks pre v8.18.2 used to show the rule IDs in the SARIF output in the following way:
```json
"rules": [
{
"id": "adafruit-api-key",
"name": "Ad…
```
nierz updated
4 months ago
-
I'm looking at ways to improve _engagement_ (around security) and one way is to involve my devs a little more in _everything security_.
Currently the results of a scan (can) go to the GitHub securi…
harmw updated
2 weeks ago
-
I'm developing a GitHub action following
https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#physicallocation-object
The doc says …
-
#1797 (via #4011, thanks to @csordasmarton / @Szelethus),
has added support for ingesting SARIF **into** codechecker,
however I was under false pretense that #1797 was about
the exact opposite feat…
-
👋 Hello! Not sure if this is the right place to raise this issue, but we've noticed that the way Fortify SCA is generating SARIF documents is causing a bad user experience with GitHub Code Scanning.
…
-
I haven't been able to find a clear guide on how to get check-spelling working with private repositories.
Seems like it may be necessary to add a secret named `CHECK_SPELLING` in GitHub, but should…