Closed JoshStutts closed 2 years ago
Should be fixed now in 1.21.3 of the command line tool.
I can confirm that this now works correctly for errors at least. Looks like the checker I use classifies everything as an error so I didn't see this when things I'd classify as info were marked like that.
I'm using a couple different static analysis tools, both of which produce valid SARIF files according to https://sarifweb.azurewebsites.net/Validation
The SARIF files contain issues with their level set to "note", "warning", and "error", but the output from violations-lib after parsing a SARIF file only shows INFO severity items.
I've attached a sanitized SARIF file with my file paths removed and the extension changed to .txt so GitHub would allow me to attach it, but it's still valid per the validator above. Parsing this file using the violations-command-line results in the following:
Actual levels in the file:
security-scan.txt
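
One way to tally the levels actually present in a SARIF file before comparing them with a parser's output, as an added example that is not part of the original issue or of violations-lib. The sample log is constructed, and the level-to-severity mapping (the `WARN` and `ERROR` names) is an assumption; only `INFO` appears in the report above.

```python
import json
from collections import Counter

# Constructed sample (not the attached security-scan.txt): one result per level
# named in the report, plus one that omits "level" and inherits it from its rule.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "R1"},
        {"id": "R2", "defaultConfiguration": {"level": "error"}},
    ]}},
    "results": [
        {"ruleId": "R1", "level": "note", "message": {"text": "a"}},
        {"ruleId": "R1", "level": "warning", "message": {"text": "b"}},
        {"ruleId": "R1", "level": "error", "message": {"text": "c"}},
        {"ruleId": "R2", "message": {"text": "d"}},
    ],
}]})

# Assumed severity buckets for comparison with parser output (hypothetical mapping).
ASSUMED_SEVERITY = {"none": "INFO", "note": "INFO", "warning": "WARN", "error": "ERROR"}

def effective_level(result, rules_by_id):
    """Resolve a result's level using the SARIF 2.1.0 defaulting rules."""
    if "level" in result:
        return result["level"]
    if result.get("kind", "fail") != "fail":
        return "none"  # non-failure kinds (pass, open, ...) carry no severity
    rule = rules_by_id.get(result.get("ruleId"), {})
    # No explicit level: use the rule's default, else the spec default "warning".
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def count_levels(sarif_text):
    """Count effective levels across every run in the log."""
    counts = Counter()
    for run in json.loads(sarif_text).get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules_by_id = {r["id"]: r for r in driver.get("rules", []) if "id" in r}
        for result in run.get("results", []):
            counts[effective_level(result, rules_by_id)] += 1
    return counts

def expected_severities(sarif_text):
    """Fold level counts into the assumed severity buckets."""
    out = Counter()
    for level, n in count_levels(sarif_text).items():
        out[ASSUMED_SEVERITY.get(level, "INFO")] += n
    return out
```

If the severity counts a parser reports differ from `expected_severities` for the same file, the difference is in the parser's level handling rather than in the scanner's output.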