fix(sarif): handle empty artifactLocation.uri fields #8141
Comments
@aquasecurity/trivy WDYT?
Correct me if I'm wrong: This means we have to handle cases with misconfigs.
The whole problem is that
Thanks. I missed this comment. I found the reason for empty I added logic to add filepath for aggregated languages - #8052. But it seems that we always need to add filepath if we can't determine it (no matter what the reason).
Related Issues:
In some cases, Trivy generates a SARIF report with an empty artifactLocation.uri. Although such reports successfully pass validation at https://sarifweb.azurewebsites.net/Validation, which is recommended by GitHub in their documentation, uploading them using the github/codeql-action/upload-sarif action fails with the following error:
This remains an unresolved issue:
Potential solutions:
artifactLocation.uri field with a dummy value.
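A pre-upload check for the condition described above, as an added example that is not part of the original thread or Trivy's code: it walks a SARIF report and lists every result location whose artifactLocation.uri is missing or empty. The `FindEmptyURIs` helper and the sample report are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Minimal subset of the SARIF 2.1.0 schema needed to reach artifactLocation.uri.
type sarifLog struct {
	Runs []struct {
		Results []struct {
			RuleID    string `json:"ruleId"`
			Locations []struct {
				PhysicalLocation struct {
					ArtifactLocation struct {
						URI string `json:"uri"`
					} `json:"artifactLocation"`
				} `json:"physicalLocation"`
			} `json:"locations"`
		} `json:"results"`
	} `json:"runs"`
}

// sampleReport is constructed for this example: one result has a path, one has an empty uri.
const sampleReport = `{"version":"2.1.0","runs":[{"results":[{"ruleId":"RULE-A","locations":[{"physicalLocation":{"artifactLocation":{"uri":"app/go.mod"}}}]},
{"ruleId":"RULE-B","locations":[{"physicalLocation":{"artifactLocation":{"uri":""}}}]}]}]}`

// FindEmptyURIs (hypothetical helper) lists each result location with a missing, empty or blank uri.
func FindEmptyURIs(report []byte) ([]string, error) {
	var doc sarifLog
	if err := json.Unmarshal(report, &doc); err != nil {
		return nil, fmt.Errorf("parse SARIF: %w", err)
	}
	var bad []string
	for ri, run := range doc.Runs {
		for si, res := range run.Results {
			for li, loc := range res.Locations {
				if strings.TrimSpace(loc.PhysicalLocation.ArtifactLocation.URI) == "" {
					bad = append(bad, fmt.Sprintf("runs[%d].results[%d].locations[%d] ruleId=%s", ri, si, li, res.RuleID))
				}
			}
		}
	}
	return bad, nil
}

func main() {
	fmt.Println(FindEmptyURIs([]byte(sampleReport)))
}
```

A non-empty return value can be used to stop a CI job before the report reaches the upload-sarif step.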