Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix sarif formatting issues #565

Merged
merged 4 commits into from
Feb 5, 2021
Merged

Fix sarif formatting issues #565

merged 4 commits into from
Feb 5, 2021

Conversation

DimaSalakhov
Copy link
Contributor

closes #563

PR attempts to fix issues formatting issues with produced SARIF report.
Covered changes:

  1. Use running tip version of the SARIF $schema
  2. tool declares it's version. Used the same version as the $schema, might not be ideal but that fixes the immediate problem of invalid SARIF schema. The other option could be passing through commit SHA or gosec module version.
  3. tool's rules couldn't be duplicated
  4. results' locations array should have only a single entry (https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317650).

@DimaSalakhov DimaSalakhov mentioned this pull request Jan 30, 2021
Open
ccojocar
ccojocar requested changes Feb 3, 2021
View reviewed changes
output/formatter.go Show resolved Hide resolved
output/formatter.go Show resolved Hide resolved
ccojocar
ccojocar reviewed Feb 3, 2021
View reviewed changes
output/formatter.go Outdated Show resolved Hide resolved
ccojocar
ccojocar approved these changes Feb 5, 2021
View reviewed changes
output/formatter.go Show resolved Hide resolved
@ccojocar ccojocar merged commit 6c57ae1 into securego:master Feb 5, 2021
@rogeriopeixotocx rogeriopeixotocx mentioned this pull request Feb 18, 2021
Closed
@felipe-avelar felipe-avelar mentioned this pull request Feb 18, 2021
Closed
@pbalogh-sa pbalogh-sa mentioned this pull request Feb 18, 2021
Closed
@naokikimura naokikimura mentioned this pull request Feb 28, 2021
Closed
@kiwiz kiwiz mentioned this pull request Mar 1, 2021
Merged
@dependabot dependabot bot mentioned this pull request Mar 18, 2021
Closed
kirbyquerby added a commit to orijtech/gosec that referenced this pull request Sep 15, 2022
@kirbyquerby
output: fix sarif formatting
7334cb8 
This change is based on securego/gosec#565 .

Fixes include:
* add a version field to the driver
* report start and end line of issues
* report correct sarif level based on the issue's reported severity rather than always warning
* avoid duplicate entries in rules

Updates cosmos#38
This was referenced Sep 15, 2022
Merged
Closed
kirbyquerby added a commit to cosmos/gosec that referenced this pull request Sep 15, 2022
@kirbyquerby
output: fix sarif formatting (#39)
c75406a 
This change is based on securego/gosec#565 .

Fixes include:
* add a version field to the driver
* report start and end line of issues
* report correct sarif level based on the issue's reported severity rather than always warning
* avoid duplicate entries in rules

Updates #38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ccojocar ccojocar ccojocar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Gosec is generating invalid sarif files
2 participants
@DimaSalakhov @ccojocar