google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0
6.11k stars 343 forks

SARIF reporting should use Windows filepaths #604

Open G-Rath opened 10 months ago

G-Rath commented 10 months ago

Currently the SARIF output includes a pseudo path to osv-scanner.toml which is always Unix-based, even on Windows:

https://github.com/google/osv-scanner/blob/a2c1602cf10816b5ff81d9e03572ba11dbb15af1/internal/output/sarif.go#L85-L85

This should be addressed after #603

github-actions[bot] commented 1 month ago

This issue has not had any activity for 60 days and will be automatically closed in two weeks