microsoft / DevSkim

DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.
MIT License
902 stars 115 forks

No "Scanned Files" Displayed #604

Open Sof0-0 opened 7 months ago

Sof0-0 commented 7 months ago

DevSkim scanned tons of files in the repo, and alerts are being reported perfectly fine, but I cannot see how many files were scanned (like CodeQL does, for example). Is there any way to configure this?

(Screenshot attached: 2024-02-14 at 12:29:02)

I would appreciate your help!

gfs commented 7 months ago

I'm not sure what property populates that field. It doesn't appear to be documented in the GitHub documentation for how the code scanning feature parses SARIF: https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning. From this other page, it sounds like populating that field may be limited to CodeQL only: https://docs.github.com/en/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page#how-codeql-defines-scanned-files. The results for the files that were scanned appear to be in CSV format, but the Upload Sarif action doesn't provide any argument to provide such a CSV: https://github.com/github/codeql-action/blob/v3/upload-sarif/action.yml

gfs commented 7 months ago

I was able to confirm that this feature is currently only available for CodeQL Scanning.
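Since the tool status page only reports scanned-file counts for CodeQL, the practical alternative is to count files yourself from the SARIF log before it is uploaded. The script below is an added example, not DevSkim's code and not part of this thread. It reads a SARIF 2.1.0 log and reports two numbers: the distinct files listed in `runs[].artifacts` (the standard place a tool can declare everything it looked at) and the distinct files that actually carry a finding in `runs[].results`. The embedded SARIF document is constructed for the example; whether DevSkim populates the `artifacts` array is not confirmed on this page, so the script treats it as optional and reports the scanned count as unknown when it is absent.

```python
"""Count files covered by a SARIF 2.1.0 log (added example, not DevSkim's code)."""
import json
import sys
from typing import Dict, Optional, Set

# Constructed minimal SARIF log standing in for a DevSkim upload. It is not real
# DevSkim output; the "artifacts" array is assumed here for illustration.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "devskim"}},
        "artifacts": [
            {"location": {"uri": "src/app.py"}},
            {"location": {"uri": "src/db.py"}},
            {"location": {"uri": "README.md"}},
        ],
        "results": [
            {"ruleId": "DS000001",
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app.py"}}}]},
            {"ruleId": "DS000002",
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app.py"}}}]},
        ],
    }],
})


def collect_uris(sarif_text: str) -> Dict[str, Set[str]]:
    """Return the distinct artifact URIs declared in runs[].artifacts and the
    distinct URIs referenced by result locations."""
    log = json.loads(sarif_text)
    declared: Set[str] = set()
    with_findings: Set[str] = set()
    for run in log.get("runs", []):
        # Files the tool says it processed (optional in SARIF; tool-dependent).
        for artifact in run.get("artifacts", []):
            uri = artifact.get("location", {}).get("uri")
            if uri:
                declared.add(uri)
        # Files that have at least one reported result.
        for result in run.get("results", []):
            for loc in result.get("locations", []):
                uri = (loc.get("physicalLocation", {})
                          .get("artifactLocation", {})
                          .get("uri"))
                if uri:
                    with_findings.add(uri)
    return {"declared": declared, "with_findings": with_findings}


def summarize(sarif_text: str) -> Dict[str, Optional[int]]:
    """Scanned-file count is only knowable when the tool emits artifacts;
    result locations alone undercount because clean files never appear there."""
    uris = collect_uris(sarif_text)
    scanned = len(uris["declared"]) if uris["declared"] else None
    return {"scanned": scanned, "with_findings": len(uris["with_findings"])}


if __name__ == "__main__":
    # Usage: python count_sarif.py path/to/devskim.sarif (defaults to the sample).
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_SARIF
    summary = summarize(text)
    scanned = summary["scanned"]
    print("files scanned:", "unknown (no artifacts array)" if scanned is None else scanned)
    print("files with findings:", summary["with_findings"])
```

Run it as a step after DevSkim and before `upload-sarif` to log the count in the workflow output, which is the only place it will be visible given the limitation gfs confirmed. If the `scanned` value comes back as unknown, the tool did not emit an `artifacts` array and the only figure you can trust is files with findings.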