Open jsoref opened 2 years ago
Reported in: https://github.com/github/codeql-action/issues/390#issuecomment-786543363
reports/a.sarif:
reports/a.sarif
{ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", "runs": [ { "artifacts": [], "columnKind": "unicodeCodePoints", "results": [], "tool": { "driver": { "fullName": "clang static analyzer", "language": "en-US", "name": "clang", "rules": [], "version": "clang version 10.0.0-4ubuntu1 " } } } ], "version": "2.1.0" }
$ rm -f merged.sarif; ls reports; npx @microsoft/sarif-multitool merge reports/*.sarif; cat merged.sarif a.sarif Merge completed in 00:00:00.5145477. { "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json", "version": "2.1.0", "runs": [] }
The output should be a lot closer to the input.
Namely, all of the tool objects from all of the runs should be included in the merged output even if there were no results for a given run.
tool
Indeed, the empty runs is problematic. For instance, it leads to an error when uploading SARIF to GitHub: Error when processing the SARIF file.
runs
Error when processing the SARIF file
Reported in: https://github.com/github/codeql-action/issues/390#issuecomment-786543363
reports/a.sarif
:Expected results
The output should be a lot closer to the input.
Namely, all of the
tool
objects from all of the runs should be included in the merged output even if there were no results for a given run.