SARIF output is missing names on rules breaking GitLab parsing #599
Assignees
Comments
|
Thanks for bringing this up! I added the name field, and it will be included in the release this week. |
another-rex
added a commit
to another-rex/osv-scanner
that referenced
this issue
Oct 26, 2023
* Add name field to sarif rule output (google#600) Fixes google#599 * fix: trim leading and trailing newlines off SARIF output (google#606) I don't know a lot about SARIF so maybe these are required but that would be surprising to me whereas trimming these off make it a bit consistent for editors and such. Obviously if these are required then lets close this PR * Update release pipeline (google#602) Update the release pipeline to have it be manually triggered, and create a tag itself if checks and scans are successful. It looks something like this:  The release doc has been updated to follow this new workflow. * chore: don't trim trailing whitespace on fixture snapshots (google#608) This makes it easier to work with for IDEs * Prepare for 1.4.2 release (google#609) * Update jekyll feed, for some reason renovatebot can't figure out how to update this * Fix documentation for github action * Set upload tag name --------- Co-authored-by: Gareth Jones <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We are using the SARIF output and then converting it to GitLab's own SAST format. One issue we ran into is that GitLab requires a "name" on vulnerabilities which come from the
reportingDescriptor(rule):GitLab's conversion code just takes the name field off the rule.
Can the
namefield be added to the rule to fix this?The text was updated successfully, but these errors were encountered: