What would you like to be added:
SAIRF output validation tests.
Why is this needed:
One of the output formats Grype supports is SARIF. Today, we are not validating that the SARIF files Grype creates are valid. One way to are able to validate them is using the NPM package @microsoft/jest-sarif. We would probably be able to make a container that can be passed a SARIF file and it validates in order to incorporate this functionality into the Grype test suite (other suggestions welcome!).
Additional context:
We are validating SARIF in the scan-action using the aforementioned library (see here).
What would you like to be added: SAIRF output validation tests.
Why is this needed: One of the output formats Grype supports is SARIF. Today, we are not validating that the SARIF files Grype creates are valid. One way to are able to validate them is using the NPM package
@microsoft/jest-sarif
. We would probably be able to make a container that can be passed a SARIF file and it validates in order to incorporate this functionality into the Grype test suite (other suggestions welcome!).Additional context: We are validating SARIF in the
scan-action
using the aforementioned library (see here).