Closed darkspirit510 closed 3 years ago
@darkspirit510 This is in jsonlines format where each line is a json. This can then be imported into supported platforms such as Google BigQuery for advanced analysis.
Never heard of this, but guess there will be some Java implementation. Then, of course, this is not a bug. Thank you for the reply!
@darkspirit510 I've shared the python snippet to parse this in the docs - https://slscan.io/en/latest/getting-started/use-cases/#parsing-the-full-report
Hope you could do the same in java: read line by line and parse the json to get the full sarif representation.
Running
docker run --rm -e "WORKSPACE=${PWD}" -v ~/.m2:/.m2 -v <source path>:/app shiftleft/scan scan --src /app --type java
returns several result files:
-rw-r--r-- 1 sknoop sknoop 92K Jun 3 19:42 .sastscan.baseline -rw-r--r-- 1 sknoop sknoop 7.1M Jun 3 19:41 class-report.html -rw-r--r-- 1 sknoop sknoop 7.2M Jun 3 19:41 class-report.sarif -rw-r--r-- 1 sknoop sknoop 13M Jun 3 19:41 class-report.xml -rw-r--r-- 1 sknoop sknoop 8.6M Jun 3 19:42 ngsast-report.findings.json -rw-r--r-- 1 sknoop sknoop 5.2M Jun 3 19:42 scan-full-report.json -rw-r--r-- 1 sknoop sknoop 0 Jun 3 19:41 source-java-report.csv -rw-r--r-- 1 sknoop sknoop 17K Jun 3 19:42 source-java-report.html -rw-r--r-- 1 sknoop sknoop 2.3K Jun 3 19:42 source-java-report.sarif
For release 2.0.0 the file scan-full-report.json contains:
Those are two JSON structures in one file which is invalid. Could you either split this to two files or wrap something around to fix this?