Closed pdil closed 1 year ago
Thanks for the report! Unfortunately I think none of the maintainers are particularly adept with SARIF, so a PR would be welcome! cc original PR author @shaopeng-gh
Happy to help any PR authors who get stuck.
Thanks @MichaelChirico, just opened a PR.
@pdil Thanks for reporting and fixing the issue! Both your description of the issue and the fix look good to me.
Issue
sarif_output creates an invalid file when there are no lintr results (i.e. all linting checks passed). This causes workflows that upload the file to GitHub to populate the Code scanning section of the Security tab to fail.

Example
See this GitHub Actions run file for an example of the error (under Upload analysis results to GitHub):

The SARIF file for my project comes back as follows:

Notice there is no results array inside runs.

Proposed solution
Include the results array inside each run in the SARIF file even if there are no issues returned by lintr. I believe it should work if it's an empty array in that case (i.e. "results": []).

Further reference
codeql-action contributor regarding empty SARIF files
codeql-action check for empty run.results
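The check and workaround described in this issue, as an added example that is not part of the original issue or lintr's own code: a pre-upload step that finds runs lacking a results array and gives them an empty one. The function names and both sample documents are constructed for illustration.

```python
import json


def runs_missing_results(sarif):
    """Return the indexes of runs that have no `results` array."""
    return [
        i
        for i, run in enumerate(sarif.get("runs", []))
        if not isinstance(run.get("results"), list)
    ]


def ensure_results(sarif):
    """Return a copy in which every run carries a `results` array.

    A clean lint (no findings) becomes "results": []; runs that already
    have results are left exactly as they were.
    """
    fixed = json.loads(json.dumps(sarif))  # deep copy via JSON round trip
    for i in runs_missing_results(fixed):
        fixed["runs"][i]["results"] = []
    return fixed


# Constructed sample: the shape the issue describes, a run with no `results`.
CLEAN_RUN = {
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "lintr"}}}],
}

# Constructed sample: a run that already reports one finding.
WITH_FINDING = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "lintr"}},
        "results": [{"ruleId": "example_linter",
                     "message": {"text": "constructed finding"}}],
    }],
}

if __name__ == "__main__":
    for name, doc in (("clean", CLEAN_RUN), ("with finding", WITH_FINDING)):
        print(name, "-> runs missing results:", runs_missing_results(doc))
        print(json.dumps(ensure_results(doc), indent=2))
```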