microsoft / sarif-tools

A set of Python command line tools for working with SARIF files produced by code analysis tools
MIT License

runs/conversion/invocation is not generated according to the schema #55

Closed balihb closed 2 months ago

balihb commented 3 months ago

according to:

https://gitlab.com/ignis-build/sarif-converter/-/issues/60

"Invocation object and not a string"

balgillo commented 3 months ago

Thanks for raising this! I think this was already fixed - see #50 - but we haven't published the fixed tool version on PyPI yet. Please take a look and reopen if you think there's anything wrong with that fix.

balihb commented 2 months ago

looks like there is still a problem:

INFO:SNYK-OSS:cmd: ['check-jsonschema', '--schemafile', 'https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist/dependency-scanning-report-format.json', 'gl-dependency-scanning-report.json']
INFO:SNYK-OSS:stdout:
ok -- validation done
INFO:SNYK-OSS:cmd: ['sarif', 'copy', '--output', '.report/gl-sast-report.sarif', '.report/sarif']
INFO:SNYK-OSS:stdout:
Wrote .report/gl-sast-report.sarif with 4 runs from 4 SARIF files
INFO:SNYK-OSS:cmd: ['check-jsonschema', '--schemafile', 'https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json', '.report/gl-sast-report.sarif']
ERROR:SNYK-OSS:stdout:
Schema validation errors were encountered.
  .report/gl-sast-report.sarif::$.runs[0].conversion.invocation: 'executionSuccessful' is a required property
  .report/gl-sast-report.sarif::$.runs[1].conversion.invocation: 'executionSuccessful' is a required property
  .report/gl-sast-report.sarif::$.runs[2].conversion.invocation: 'executionSuccessful' is a required property
  .report/gl-sast-report.sarif::$.runs[3].conversion.invocation: 'executionSuccessful' is a required property

balgillo commented 2 months ago

Sorry for the oversight here. Fix pending in #62
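
Added example (not part of the thread and not sarif-tools code): a standalone check for the two defects reported above, a string in place of the invocation object and an invocation object without the required `executionSuccessful` boolean. The sample document, its tool names and the function names are constructed for illustration.

```python
import json

# Constructed sample: run 0 carries the string form, run 1 an object missing
# executionSuccessful, run 2 a valid conversion.invocation but a non-boolean
# executionSuccessful inside runs[2].invocations[0].
SAMPLE = json.loads("""
{"version": "2.1.0", "runs": [
  {"tool": {"driver": {"name": "a"}},
   "conversion": {"tool": {"driver": {"name": "merge"}},
                  "invocation": "sarif copy"}},
  {"tool": {"driver": {"name": "b"}},
   "conversion": {"tool": {"driver": {"name": "merge"}},
                  "invocation": {"commandLine": "sarif copy"}}},
  {"tool": {"driver": {"name": "c"}},
   "invocations": [{"executionSuccessful": "yes"}],
   "conversion": {"tool": {"driver": {"name": "merge"}},
                  "invocation": {"commandLine": "sarif copy",
                                 "executionSuccessful": true}}}
]}
""")

def check_invocation(obj, path):
    """Return a list of problems for one SARIF invocation object."""
    if not isinstance(obj, dict):
        return [f"{path}: {type(obj).__name__} is not an invocation object"]
    if "executionSuccessful" not in obj:
        return [f"{path}: 'executionSuccessful' is a required property"]
    if not isinstance(obj["executionSuccessful"], bool):
        return [f"{path}.executionSuccessful: must be a boolean"]
    return []

def find_invocation_errors(sarif):
    """Check every place a run can carry an invocation object."""
    errors = []
    for i, run in enumerate(sarif.get("runs", [])):
        conversion = run.get("conversion")
        if isinstance(conversion, dict) and "invocation" in conversion:
            errors += check_invocation(
                conversion["invocation"], f"$.runs[{i}].conversion.invocation")
        for j, inv in enumerate(run.get("invocations", [])):
            errors += check_invocation(inv, f"$.runs[{i}].invocations[{j}]")
    return errors

if __name__ == "__main__":
    for line in find_invocation_errors(SAMPLE):
        print(line)
```

This covers only the invocation objects; full schema validation with check-jsonschema, as in the log above, is still the authoritative check.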