Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License

Github Security workbook - 'where' operator: Failed to resolve scalar expression named 'commit_oid_s' #9710

Closed kborowiec-mag closed 10 months ago

kborowiec-mag commented 10 months ago

Describe the bug "Advanced Security Overview" tab returns the following status:


Other tabs like "Dependabot Alerts" return results correctly.

To Reproduce Steps to reproduce the behavior:

  1. Configure Github Webhook Connector
  2. Wait until GHAS data are propagated to githubscanaudit_CL
  3. Go to Sentinel "Github Security" workbook
  4. See error

Expected behavior Workbook generates proper reports


github-actions[bot] commented 10 months ago

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

kborowiec-mag commented 10 months ago

I have enabled CodeQL Analysis and found that "Code Scanning Alerts" also returns errors:


but "Secret Scanning Alerts" and "Dependabot Alerts" tabs are working fine.

v-sudkharat commented 10 months ago

Hi @kborowiec-mag, thanks for flagging this issue. We will investigate this issue and get back to you with some updates by 08-01-2024. Thanks!

kborowiec-mag commented 10 months ago

After enabling CodeQL Analysis and running a code scan, "commit_oid_s" appeared in githubscanaudit_CL and the problem disappeared.

Looks like having CodeQL enabled is crucial to have the "Advanced Security Overview" tab working.

v-sudkharat commented 10 months ago

Hi @kborowiec-mag, thank you for closing this issue. If you still need support for this issue, feel free to re-open it any time. Thank you for your co-operation.
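
The behaviour reported in this thread can be checked and worked around with the two KQL queries below. They are an added example, not the workbook's own query and not code from any participant. Only `githubscanaudit_CL` and `commit_oid_s` come from the thread; the aliases `commit_oid`, `Events` and `LastSeen` are illustrative, and `TimeGenerated` is the standard Log Analytics timestamp column.

```kusto
// Query 1: is the column present yet?
// In this thread, commit_oid_s only appeared in githubscanaudit_CL after a
// CodeQL scan had produced data. An empty result here means any query that
// references commit_oid_s directly fails with
// "Failed to resolve scalar expression named 'commit_oid_s'".
githubscanaudit_CL
| getschema
| where ColumnName == "commit_oid_s"
| project ColumnName, ColumnType

// Query 2: schema-tolerant form (run separately from Query 1).
// column_ifexists() returns the column when it exists and the supplied
// default otherwise, so the query yields an empty result set instead of
// an error while no code scanning data has been ingested.
githubscanaudit_CL
| extend commit_oid = column_ifexists("commit_oid_s", "")
| where isnotempty(commit_oid)
| summarize Events = count(), LastSeen = max(TimeGenerated) by commit_oid
| order by LastSeen desc
```

An empty result from Query 2 then points to missing code scanning data rather than a broken workbook.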