Was trying to use SARIF files written by gokart, but noticed when they identify issues, it seems to record some messages that seem destined for stdout.
Here's an example:
This is the command I ran: gokart scan -s -o results.sarif .
The raw file output is listed below, notice that the last line is:
Identified 2 potential CWE-78: OS Command Injection
It isn't present when there are no identified issues.
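One way to check a SARIF file for the trailing text described above before handing it to another tool. This is an added example, not code from the issue author or from gokart; the function name `splitSARIF` is hypothetical and the sample input is constructed, reusing the trailing line quoted in the report.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample: a minimal SARIF-shaped JSON document followed by the
// kind of human-readable summary line quoted in the report.
const sampleWithTrailer = `{"version":"2.1.0","runs":[]}
Identified 2 potential CWE-78: OS Command Injection
`

// splitSARIF (hypothetical helper) decodes the first JSON value in data and
// returns it together with any non-whitespace text that follows it.
// A clean SARIF file yields an empty trailing string.
func splitSARIF(data []byte) (doc json.RawMessage, trailing string, err error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	if err = dec.Decode(&doc); err != nil {
		return nil, "", fmt.Errorf("no leading JSON document: %w", err)
	}
	// InputOffset is the byte position just past the decoded value, so
	// everything after it is content a strict JSON parser would reject.
	rest := data[dec.InputOffset():]
	return doc, strings.TrimSpace(string(rest)), nil
}

func main() {
	doc, trailing, err := splitSARIF([]byte(sampleWithTrailer))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("JSON document: %d bytes\n", len(doc))
	if trailing != "" {
		fmt.Printf("unexpected trailing text: %q\n", trailing)
	}
}
```

A CI step can fail the upload when the trailing string is non-empty, or write only the returned document to a cleaned file.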