codacy / codacy-analysis-cli-action

GitHub Action for the codacy-analysis-cli
https://github.com/codacy/codacy-analysis-cli
Apache License 2.0

[TS-157] 'run-gosec' does not produce sarif output file despite args #94

Open jeremy-soh-partior opened 1 year ago

jeremy-soh-partior commented 1 year ago

Using the run-gosec: true feature does not produce a results output file despite both 'output' and 'format' args having been defined. For example:

  - name: Run Codacy Analysis CLI - Gosec
    uses: codacy/codacy-analysis-cli-action@master
    with:
      run-gosec: "true"
      run-staticcheck: "true"
      run-docker-tools: "false"
      output: ${{ inputs.repo-name }}.sarif
      format: sarif
      verbose: true
      skip-uncommitted-files-check: true
      max-allowed-issues: 2147483647
      gh-code-scanning-compat: true
      api-token: ${{ secrets.CODACY_API_TOKEN }}
      upload: true

  - name: Debug - ls
    run: |
      ls -alh

It is to be noted that upload of the reported findings to the Codacy UI was successful. The findings were correctly populated. This helps to eliminate any doubt about the scan not running correctly. Is an output file not supported with run-gosec: true?

github-actions[bot] commented 1 year ago

Internal ticket created : TS-157
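
A check that a workflow could run in place of the `ls` debug step, given here as an added example that is not part of the original issue or of the action's own code: it fails when the file named in `output` is missing, empty or not a SARIF log, and otherwise counts results per tool so that a scan which wrote nothing does not pass silently. The function names, the sample report and the tool name `example-tool` are constructed for illustration.

```python
import json
import os
import tempfile


class SarifCheckError(Exception):
    """Raised when the expected SARIF report is missing or unusable."""


def summarize_sarif(path):
    """Return {tool name: result count} for a SARIF file, or raise SarifCheckError."""
    if not os.path.isfile(path):
        raise SarifCheckError(f"{path}: no such file (the step wrote no report)")
    if os.path.getsize(path) == 0:
        raise SarifCheckError(f"{path}: file is empty")
    try:
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
    except json.JSONDecodeError as exc:
        raise SarifCheckError(f"{path}: not valid JSON ({exc})") from exc
    runs = doc.get("runs") if isinstance(doc, dict) else None
    if not isinstance(runs, list) or not runs:
        raise SarifCheckError(f"{path}: no 'runs' array, not a SARIF log")
    counts = {}
    for run in runs:
        # SARIF 2.1.0 keeps the tool name in runs[].tool.driver.name
        name = run.get("tool", {}).get("driver", {}).get("name", "<unnamed tool>")
        counts[name] = counts.get(name, 0) + len(run.get("results") or [])
    return counts


def demo():
    """Run the check on a constructed report and on a path that does not exist."""
    sample = {  # constructed sample, not output produced by the action
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": "example-tool"}},
                  "results": [{"ruleId": "EX001", "message": {"text": "sample"}}]}],
    }
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "repo.sarif")
        with open(good, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        counts = summarize_sarif(good)
        try:
            summarize_sarif(os.path.join(tmp, "missing.sarif"))
            missing_detected = False
        except SarifCheckError:
            missing_detected = True
    return counts, missing_detected
```

In a workflow step, calling `summarize_sarif` on the path given in `output` and letting the exception propagate makes the job fail at the point where the report is absent.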