Closed kazaker closed 1 year ago
Hi @kazaker, thank you for bringing this issue to our attention. It seems there was a bug in the JavaScript, as the name of the env called for annotations was incorrect. There is already a PR opened to fix this issue. Thank you.
Do you know when this fix will be published in a release? I'm having to run against the 'master' branch right now and would very much prefer to use a non-mutable tag.
Hey Team, thank you for a great tool. I'm facing a small problem after upgrading to v1.6.1. Before that, PR comments and annotations worked fine, but after it I see only the comment; annotations are gone. I don't see any apparent error in the task log, other than this:
```
Results Summary:
HIGH: 0
MEDIUM: 0
LOW: 0
INFO: 6
TOTAL: 6

Results saved to file scanResults/results.json
Scan duration: 21.428828286s
A new version 'v1.6.5' of KICS is available, please consider updating
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
(1/7) Installing c-ares (1.18.1-r0)
(2/7) Installing libgcc (11.2.1_git20220219-r2)
(3/7) Installing icu-data-en (71.1-r2)
Executing icu-data-en-71.1-r2.post-install
*
(4/7) Installing libstdc++ (11.2.1_git20220219-r2)
(5/7) Installing icu-libs (71.1-r2)
(6/7) Installing nodejs (16.17.1-r0)
(7/7) Installing npm (8.10.0-r0)
Executing busybox-1.35.0-r17.trigger
OK: 72 MiB in 31 packages
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.

added 34 packages, and audited 35 packages in 3s

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
ncc: Version 0.31.1
ncc: Compiling file index.js into CJS
791kB dist/index.js
791kB [4292ms] - ncc 0.31.1
Running KICS action...
(node:63) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
KICS scan status code: 0
```

Doesn't work regardless of setting the enable_annotations variable explicitly to true or leaving it by default.
Could you please help me with that?