Open baruchiro opened 1 year ago
for example
(Out of scope here, moved to #134)
I will look into this issue. I've started working on the SARIF in #147.
It is strange to me that artifactLocation
is missing, maybe it was because #147 , so check this issue and maybe you will find it is not reproducible.
You can Upload a SARIF file to GitHub, and in #71 we added a SARIF output format.
If you will try to upload this SARIF, you will find that the property
artifactLocation
is wrong, with the errorlocationFromSarifResult: expected artifact location
.Steps to reproduce:
go run . git . --report-path results.sarif
)sarif=$(gzip -c results.sarif | base64 -w0) commit=$(git rev-parse HEAD)
ask the user for the repo name
read -p "Enter the repo name (OWNER/REPO): " repo
response=$(gh api \ --method POST \ -H "Accept: application/vnd.github+json" \ -H "X-GitHub-Api-Version: 2022-11-28" \ /repos/$repo/code-scanning/sarifs \ -f commit_sha="$commit" \ -f ref='refs/heads/main' \ -f sarif="$sarif")
sarifID=$(echo $response | jq -r '.id') echo "SARIF ID: $sarifID"
wait for SARIF to be processed
echo "Waiting for SARIF to be processed..." sleep 10
response=$(gh api \ -H "Accept: application/vnd.github+json" \ -H "X-GitHub-Api-Version: 2022-11-28" \ /repos/$repo/code-scanning/sarifs/$sarifID)
echo $response
You need to check if we can omit this
artifactLocation
, or if we have to fill it.