jfrog / jfrog-cli

JFrog CLI is a client that provides a simple interface that automates access to the JFrog products.
https://www.jfrog.com/confluence/display/CLI/JFrog+CLI
Apache License 2.0

jfrog 2.50.1 - Invalid SARIF file for GHAS upload #2268

Closed rseeton closed 1 year ago

rseeton commented 1 year ago

Describe the bug

Hello all,

The current jfrog release (2.50.1) produces an invalid SARIF 2.1.0 file when running a scan:

jf scan --format sarif

The resulting SARIF file is invalid per the SARIF 2.1.0 validator ( https://www.jsonschemavalidator.net/ ):

"shortDescription": null,

Invalid type. Expected Object but got Null. Schema path: https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json#/definitions/multiformatMessageString/type

The generated file cannot be loaded to GHAS. This was working with the 2.48 CLI.

Current behavior

Generated SARIF file fails validation:

"shortDescription": null,

Invalid type. Expected Object but got Null. Schema path: https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json#/definitions/multiformatMessageString/type

Reproduction steps

Generate SARIF file using jfrog cli:

jf scan --format sarif > TEST.sarif

Paste TEST.sarif file to the https://www.jsonschemavalidator.net/

Expected behavior

Validation should be error free.

JFrog CLI version

jf version 2.50.1

Operating system type and version

CentOS 8

JFrog Artifactory version

"version" : "7.55.10"

JFrog Xray version

{"xray_version":"3.65.2","xray_revision":"bca527a"}
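A pre-upload check for the defect described in this report, added here as an example and not code from the JFrog CLI or from the reporter: it walks a SARIF 2.1.0 document, reports every rule whose shortDescription or fullDescription is a JSON null (the schema requires a multiformatMessageString object with a "text" member), and produces a cleaned copy by dropping those optional keys so the file validates. The SARIF sample and rule ids are constructed for the example.

```python
import json

# Constructed SARIF 2.1.0 sample mirroring the report: one rule carries
# "shortDescription": null where the schema expects {"text": "..."}.
SAMPLE_SARIF = """{
  "version": "2.1.0",
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "runs": [{
    "tool": {"driver": {"name": "constructed-scanner", "rules": [
      {"id": "constructed-rule-1", "shortDescription": null,
       "fullDescription": {"text": "constructed description"}},
      {"id": "constructed-rule-2", "shortDescription": {"text": "ok"},
       "fullDescription": {"text": "also ok"}}
    ]}},
    "results": [{"ruleId": "constructed-rule-1", "message": {"text": "finding"}}]
  }]
}"""

# reportingDescriptor properties typed as multiformatMessageString in the schema.
# Both are optional, so absence is valid but null is not.
MESSAGE_OBJECT_FIELDS = ("shortDescription", "fullDescription")


def _rules(sarif):
    """Yield (run_index, rule_index, rule) for every rule in every run."""
    for r, run in enumerate(sarif.get("runs", [])):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        for i, rule in enumerate(rules):
            yield r, i, rule


def find_invalid_message_strings(sarif):
    """Return JSON-pointer paths of rule fields that are null or lack a string "text"."""
    problems = []
    for r, i, rule in _rules(sarif):
        for field in MESSAGE_OBJECT_FIELDS:
            if field in rule:
                value = rule[field]
                if not isinstance(value, dict) or not isinstance(value.get("text"), str):
                    problems.append(f"/runs/{r}/tool/driver/rules/{i}/{field}")
    return problems


def check_sarif_text(text):
    return find_invalid_message_strings(json.loads(text))


def fix_sarif_text(text):
    """Return a parsed copy with null optional description fields removed."""
    sarif = json.loads(text)
    for _, _, rule in _rules(sarif):
        for field in MESSAGE_OBJECT_FIELDS:
            if field in rule and rule[field] is None:
                del rule[field]
    return sarif
```

Run the check on the file before uploading it to GHAS; an empty result means no null description fields, which was the only schema violation this report describes.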

rseeton commented 1 year ago

This is a continuation of our testing of the issues raised in #2135

attiasas commented 1 year ago

Hi @rseeton,

Thank you for bringing this issue to our attention. This bug is already a known issue, and we have addressed and fixed it in this pull request: https://github.com/jfrog/jfrog-cli-core/pull/996

The fix will be included in the next release of the CLI. Your feedback is much appreciated.

rseeton commented 1 year ago

jfrog-cli 2.50.2 produces a clean SARIF file, thanks!