goodwithtech / dockle

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
https://containers.goodwith.tech/
Apache License 2.0

Outputted SARIF file cannot be uploaded to Github Advanced Security #197

Closed meriouma closed 2 years ago

meriouma commented 2 years ago

Description
I'm running Dockle on a Docker image, using -f sarif -o output.sarif, and then I'm using the action github/codeql-action/upload-sarif to upload the file to GHAS. The action fails to upload the file. I believe Dockle doesn't provide the location field in the result.

What did you expect to happen?
I should be able to upload the output.sarif file to GHAS.

What happened instead?
The upload-sarif action reports this error:

Error: Code Scanning could not process the submitted SARIF file:
locationFromSarifResult: expected at least one location,locationFromSarifResult: expected at least one location,
    at Object.waitForProcessing (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:334:19)
    at async run (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:60:13)
    at async runWrapper (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:75:9)

Output of dockle -v:
Using Docker image : goodwithtech/dockle:v0.4.6