microsoft / security-devops-azdevops

Microsoft Security DevOps extension for Azure DevOps.
MIT License

TemplateAnalyzer missing a report format argument in wiki #52

Closed spel1x closed 1 year ago

spel1x commented 1 year ago

To write output to .sarif and show the results under the scan section in the pipeline you need to enable --report-format Sarif. To do that you can add a ReportFormat argument in the *.gdnconfig file as follows:


This argument is missing from the current documentation in the wiki. Also, Sarif is only output if there are no errors in the TemplateAnalyzer.
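An added check (not part of this issue or the MSDO extension) that flags TemplateAnalyzer entries in a .gdnconfig without the ReportFormat argument the comment above describes, and rewrites them to request Sarif. It assumes the .gdnconfig is JSON with a top-level "tools" list whose entries carry "tool": {"name": ...} and an "arguments" object; only the ReportFormat name and the Sarif value come from the issue.

```python
"""Find TemplateAnalyzer entries in a .gdnconfig that do not request SARIF output.

Assumption: .gdnconfig is JSON with tools[] entries holding "tool": {"name": ...}
and an "arguments" object. Only ReportFormat / Sarif come from the issue text.
"""
import json


def _is_template_analyzer(entry: dict) -> bool:
    """True when the tools[] entry is the TemplateAnalyzer tool (case-insensitive)."""
    return entry.get("tool", {}).get("name", "").lower() == "templateanalyzer"


def missing_sarif_report_format(config_text: str) -> list:
    """Return indices of TemplateAnalyzer entries whose ReportFormat is not Sarif."""
    config = json.loads(config_text)
    problems = []
    for idx, entry in enumerate(config.get("tools", [])):
        if not _is_template_analyzer(entry):
            continue
        fmt = entry.get("arguments", {}).get("ReportFormat", "")
        if str(fmt).lower() != "sarif":
            problems.append(idx)
    return problems


def with_sarif_report_format(config_text: str) -> str:
    """Return the config with ReportFormat set to Sarif on every TemplateAnalyzer entry."""
    config = json.loads(config_text)
    for entry in config.get("tools", []):
        if _is_template_analyzer(entry):
            entry.setdefault("arguments", {})["ReportFormat"] = "Sarif"
    return json.dumps(config, indent=2)


# Constructed sample config: the argument is absent, so no .sarif would be written.
CONFIG_MISSING = """{
  "fileVersion": "1.0.0",
  "tools": [
    {
      "fileVersion": "1.0.0",
      "tool": {"name": "TemplateAnalyzer", "version": "Latest"},
      "arguments": {}
    }
  ]
}"""

if __name__ == "__main__":
    print(missing_sarif_report_format(CONFIG_MISSING))  # [0]
    print(missing_sarif_report_format(with_sarif_report_format(CONFIG_MISSING)))  # []
```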

dotpaul commented 1 year ago

Hi @spel1x, we can document it in the wiki. But the default should already be SARIF. Did you have logs where Template Analyzer succeeded but didn't output SARIF?

spel1x commented 1 year ago

Yes, if I don't specify ReportFormat sarif, it does not pass that parameter as a default, so I get nothing written out in Azure DevOps under the scan section.

dotpaul commented 1 year ago

Oh sorry, I was thinking of the msdo task without a .gdnconfig file. This makes sense.

Anyway, the wiki is updated, thanks!