Open kawikao opened 1 year ago
Isn't this actually the opposite problem?
Severity levels are perfectly useful, and it's quite annoying that all findings are reported as Errors. Why does Chekov not reproduce the severity defined for each rule in SARIF reports?
The same here! Kinda of messy to priorize issues with "error" status in all of them/
After calling checkov-action in a workflow, the Severity filter in Code scanning in Github shows the regular checkov severities (low, medium, high and critical). Since checkov-action always reports
error
, these make no sense to even be in the filter list.