OWASP-Benchmark / BenchmarkUtils

OWASP Benchmark Project Utilities - Provides scorecard generation and crawling tools for Benchmark style test suites.
https://owasp.org/www-project-benchmark/
GNU General Public License v3.0

Create Snyk Scorecard Parser for SARIF Format #65

Closed davewichers closed 2 months ago

davewichers commented 2 months ago

@darkspirit510 - Can you implement this when you get a chance?

We have an existing script for running Snyk: https://github.com/OWASP-Benchmark/BenchmarkJava/blob/master/scripts/runSnykSAST.sh

Currently it does this: snyk code test --json-file-output=results/Benchmark_$benchmark_version-snykCodeCli.json

But it can easily be changed to this: snyk code test --sarif-file-output=results/Benchmark_$benchmark_version-snykCodeCli.sarif

If you want me to send you the sarif results file for Benchmark1.2, so you don't have to set up Snyk yourself, happy to do so.

darkspirit510 commented 2 months ago

@davewichers It sure makes it easier for me if you send me the file. I'll create the writer this weekend.

darkspirit510 commented 2 months ago

@davewichers guess this one can be closed?

davewichers commented 2 months ago

Apparently Snyk json was just sarif, so already supported. @darkspirit510 - tweaked the parser slightly to ignore the file extension so it will parse json/sarif files regardless of their extension.
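The thread ends with the parser accepting Snyk output as SARIF regardless of whether the file is named `.json` or `.sarif`. The following is an added example, not code from BenchmarkUtils or from Snyk, showing how a scorecard reader can do that: it decides by content (a JSON object with a `version` string and a `runs` list) rather than by extension, then pulls each result's rule, Benchmark test case and line out of the SARIF structure. The SARIF document embedded below is constructed to resemble a Snyk Code log; the `BenchmarkTestNNNNN.java` file naming follows the Benchmark test suite, while reading CWE ids from a rule's `properties.cwe` or `properties.tags` is an assumption about tool output, not something verified against Snyk here.

```python
"""Content-sniffing SARIF reader for Benchmark-style results (added example)."""
import json
import re

# Constructed sample log in SARIF 2.1.0 shape. The rule "properties.cwe"
# field is an assumption about how a tool reports CWEs, not verified Snyk output.
SAMPLE_SARIF = json.dumps({
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "SnykCode",
            "rules": [
                {"id": "java/Sqli", "properties": {"cwe": ["CWE-89"]}},
                {"id": "java/PT", "properties": {"tags": ["security", "external/cwe/cwe-22"]}},
            ],
        }},
        "results": [
            {"ruleId": "java/Sqli", "level": "error",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00001.java"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "java/PT", "level": "warning",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00002.java"},
                 "region": {"startLine": 17}}}]},
            {"ruleId": "java/PT", "level": "warning",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/main/java/org/owasp/benchmark/helpers/Utils.java"},
                 "region": {"startLine": 5}}}]},
        ],
    }],
})

# Benchmark test cases are named BenchmarkTest00001.java, BenchmarkTest00002.java, ...
TEST_NAME = re.compile(r"(BenchmarkTest\d{5})\.java$")


def is_sarif(text: str) -> bool:
    """Decide by content, not file extension: a SARIF log is a JSON object
    with a string 'version' and a list of 'runs'."""
    try:
        doc = json.loads(text)
    except ValueError:
        return False
    return (isinstance(doc, dict)
            and isinstance(doc.get("version"), str)
            and isinstance(doc.get("runs"), list))


def rule_cwes(run: dict) -> dict:
    """Map ruleId -> sorted CWE ids, read from each rule's metadata.
    Assumption: CWEs appear as properties.cwe (string or list) or as
    tags of the form 'external/cwe/cwe-NNN'."""
    cwes = {}
    for rule in run.get("tool", {}).get("driver", {}).get("rules", []):
        props = rule.get("properties", {})
        raw = props.get("cwe", [])
        found = [raw.upper()] if isinstance(raw, str) else [c.upper() for c in raw]
        for tag in props.get("tags", []):
            m = re.search(r"cwe-(\d+)", tag, re.IGNORECASE)
            if m:
                found.append("CWE-" + m.group(1))
        cwes[rule.get("id")] = sorted(set(found))
    return cwes


def parse_sarif(text: str) -> list:
    """Return one finding per result located in a Benchmark test case:
    {'test', 'rule', 'cwes', 'line'}. Results outside test cases are skipped."""
    if not is_sarif(text):
        raise ValueError("input is not a SARIF log")
    doc = json.loads(text)
    findings = []
    for run in doc.get("runs", []):
        cwes = rule_cwes(run)
        for result in run.get("results", []):
            rule_id = result.get("ruleId")
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "")
                m = TEST_NAME.search(uri)
                if not m:
                    continue  # not a Benchmark test case file
                findings.append({
                    "test": m.group(1),
                    "rule": rule_id,
                    "cwes": cwes.get(rule_id, []),
                    "line": phys.get("region", {}).get("startLine"),
                })
    return findings


def read_results(path: str) -> list:
    """Load a results file whatever its extension; the content decides."""
    with open(path, encoding="utf-8") as fh:
        return parse_sarif(fh.read())


if __name__ == "__main__":
    for f in parse_sarif(SAMPLE_SARIF):
        print(f)
```

Because `is_sarif` inspects the document rather than the filename, the same reader accepts `Benchmark_1.2-snykCodeCli.json` and `Benchmark_1.2-snykCodeCli.sarif` alike, and rejects a non-SARIF JSON file with an error instead of silently producing an empty scorecard.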