ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0

bug: invalid json structure in scan-full-report.json #322

Closed darkspirit510 closed 3 years ago

darkspirit510 commented 3 years ago

Running

docker run --rm -e "WORKSPACE=${PWD}" -v ~/.m2:/.m2 -v <source path>:/app shiftleft/scan scan --src /app --type java

returns several result files:

-rw-r--r-- 1 sknoop sknoop  92K Jun 3 19:42 .sastscan.baseline
-rw-r--r-- 1 sknoop sknoop 7.1M Jun 3 19:41 class-report.html
-rw-r--r-- 1 sknoop sknoop 7.2M Jun 3 19:41 class-report.sarif
-rw-r--r-- 1 sknoop sknoop  13M Jun 3 19:41 class-report.xml
-rw-r--r-- 1 sknoop sknoop 8.6M Jun 3 19:42 ngsast-report.findings.json
-rw-r--r-- 1 sknoop sknoop 5.2M Jun 3 19:42 scan-full-report.json
-rw-r--r-- 1 sknoop sknoop    0 Jun 3 19:41 source-java-report.csv
-rw-r--r-- 1 sknoop sknoop  17K Jun 3 19:42 source-java-report.html
-rw-r--r-- 1 sknoop sknoop 2.3K Jun 3 19:42 source-java-report.sarif

For release 2.0.0 the file scan-full-report.json contains:

{"tool": {"driver": {"name": "Java Source Analyzer", [...]}
{"tool": {"driver": {"name": "Class File Analyzer", [...]}

Those are two JSON structures in one file, which is invalid. Could you either split this into two files or wrap something around it to fix this?

prabhu commented 3 years ago

@darkspirit510 This is in JSON Lines format, where each line is a JSON object. This can then be imported into supported platforms such as Google BigQuery for advanced analysis.

darkspirit510 commented 3 years ago

Never heard of this, but guess there will be some Java implementation. Then, of course, this is not a bug. Thank you for the reply!

prabhu commented 3 years ago

@darkspirit510 I've shared the python snippet to parse this in the docs - https://slscan.io/en/latest/getting-started/use-cases/#parsing-the-full-report

Hope you could do the same in java: read line by line and parse the json to get the full sarif representation.
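The "read line by line" approach from the thread, as an added example that is not part of the issue, the sast-scan docs snippet, or the project's own code. It parses a JSON Lines file in which each line is one SARIF run object (as the two `{"tool": {"driver": ...}}` lines above show), shows why a whole-file `json.loads` fails on it, wraps the runs into a single SARIF 2.1.0 log, and summarizes results per analyzer. The two-line input is constructed here to mimic the report from the issue; its rule ids and messages are placeholders, and the `$schema` URL is the published location of the SARIF 2.1.0 schema, not something the page states.

```python
"""Parse sast-scan's scan-full-report.json, which is JSON Lines, not one JSON document."""
import json
import sys
from collections import Counter
from typing import Any, Dict, List

# Published location of the SARIF 2.1.0 schema (assumption: not stated on the issue page).
SARIF_SCHEMA = (
    "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/"
    "sarif-schema-2.1.0.json"
)

# Constructed sample: two SARIF run objects, one per line, mimicking the
# "Java Source Analyzer" and "Class File Analyzer" lines from the issue.
# Rule ids and messages are placeholders. A trailing blank line is included
# on purpose so the parser has to tolerate it.
SAMPLE_JSONL = (
    '{"tool": {"driver": {"name": "Java Source Analyzer", "version": "2.0.0"}}, '
    '"results": [{"ruleId": "rule-1", "level": "error", '
    '"message": {"text": "constructed finding"}}]}\n'
    '{"tool": {"driver": {"name": "Class File Analyzer", "version": "2.0.0"}}, '
    '"results": [{"ruleId": "rule-2", "level": "warning", '
    '"message": {"text": "constructed finding"}}, '
    '{"ruleId": "rule-3", "level": "error", '
    '"message": {"text": "constructed finding"}}]}\n'
    "\n"
)


def whole_file_parses(text: str) -> bool:
    """True only if the text is a single JSON document.

    For JSON Lines with more than one record this returns False, because
    json.loads stops after the first object and raises "Extra data".
    """
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


def load_runs(text: str) -> List[Dict[str, Any]]:
    """Parse JSON Lines into a list of SARIF run objects, one per non-empty line."""
    runs: List[Dict[str, Any]] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:  # tolerate blank / trailing lines
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: not valid JSON ({exc.msg})") from exc
        # Each record is expected to be a SARIF run: it must carry a tool.driver.
        if not isinstance(obj, dict) or "tool" not in obj:
            raise ValueError(f"line {lineno}: not a SARIF run object (no 'tool' key)")
        runs.append(obj)
    return runs


def wrap_as_sarif(runs: List[Dict[str, Any]]) -> Dict[str, Any]:
    """Wrap the per-line runs into one SARIF 2.1.0 log, the 'full sarif representation'."""
    return {"$schema": SARIF_SCHEMA, "version": "2.1.0", "runs": runs}


def to_sarif_json(runs: List[Dict[str, Any]]) -> str:
    """Serialize the wrapped log as a single, valid JSON document."""
    return json.dumps(wrap_as_sarif(runs), indent=2)


def summarize(runs: List[Dict[str, Any]]) -> Dict[str, Dict[str, int]]:
    """Count results per analyzer name and SARIF level (default level is 'warning')."""
    summary: Dict[str, Dict[str, int]] = {}
    for run in runs:
        name = run["tool"]["driver"]["name"]
        levels = Counter(r.get("level", "warning") for r in run.get("results", []))
        summary[name] = dict(levels)
    return summary


if __name__ == "__main__":
    # Usage: python parse_full_report.py scan-full-report.json
    # With no argument the constructed sample above is used.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_JSONL
    parsed = load_runs(text)
    print(f"whole file is one JSON document: {whole_file_parses(text)}")
    print(f"runs found: {len(parsed)}")
    for tool, counts in summarize(parsed).items():
        print(f"  {tool}: {counts}")
    print(f"wrapped log is one JSON document: {whole_file_parses(to_sarif_json(parsed))}")
```

Point it at a real scan-full-report.json to get the per-analyzer counts; `to_sarif_json` gives you the single SARIF document that a strict JSON consumer expects, while the original file stays in the line-per-record shape that BigQuery-style importers want.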