search

ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0
788 stars 112 forks source link

Not able to see scan result in dev azure due to sarif file empty #400

Open anime-shed opened 3 months ago

anime-shed commented 3 months ago

HTML contains scan result but sarif file is empty image

image

Yml for pipeline:

trigger:
  branches:
    include:
      - master
pool:
 vmImage: ubuntu-latest

container: shiftleft/sast-scan:latest

steps:
    - script: scan --build --type depscan --out_dir $(Build.ArtifactStagingDirectory)/CodeAnalysisLogs
      displayName: "Perform Vulnerability Scan"
      continueOnError: "true"

    - task: PublishBuildArtifacts@1
      displayName: "Publish scan logs"
      inputs:
        PathtoPublish: '$(Build.ArtifactStagingDirectory)/CodeAnalysisLogs'
        ArtifactName: 'CodeAnalysisLogs'
        publishLocation: 'Container'
        StoreAsTar: true