How to scan my hidden folder

SonarQube: 10.6
Scanner: 6.1.0.4477
Deployed: Helm

I can’t find the file details for a hidden folder when I upload a SARIF report which includes some issues in a hidden folder, such as the .github folder.

Hi,

Welcome to the community!

Are we talking about a hidden folder, where the name starts with a dot (.)?

Am I correct in thinking that the contents of your dot-directory don’t show up in SonarQube after analysis, and thus the issues in the SARIF report you’re importing don’t show up either?

 
Thx,
Ann

Yeah, you’re right.

Hi,

I think your best bet is to update your pipeline to

  • rename the files to remove the leading .
  • run analysis
  • add the leading . back to the file names

Could you share why you want to analyze these files?

 
Thx,
Ann
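
An added sketch of the rename / analyze / restore workaround suggested above (not code from SonarSource or from the posters). It assumes the file URIs in the imported SARIF report also have to be rewritten to match the renamed directory; `indexed_files` is a hypothetical stand-in for the scanner's file indexing, and the repository and report are constructed:

```python
import contextlib
import copy
import tempfile
from pathlib import Path

@contextlib.contextmanager
def dot_dir_exposed(root, hidden=".github"):
    """Rename root/<hidden> without its leading dot; restore it on exit, even on error."""
    src, dst = Path(root) / hidden, Path(root) / hidden.lstrip(".")
    if dst.exists():
        raise FileExistsError(f"{dst} exists; refusing to overwrite it")
    src.rename(dst)
    try:
        yield dst
    finally:
        dst.rename(src)

def rewrite_sarif_uris(sarif, hidden=".github"):
    """Copy a SARIF dict, pointing result locations at the renamed directory."""
    out, changed = copy.deepcopy(sarif), 0
    for run in out.get("runs", []):
        for result in run.get("results", []):
            for loc in result.get("locations", []):
                art = loc.get("physicalLocation", {}).get("artifactLocation", {})
                uri = art.get("uri", "")
                if uri == hidden or uri.startswith(hidden + "/"):
                    art["uri"] = hidden.lstrip(".") + uri[len(hidden):]
                    changed += 1
    return out, changed

def indexed_files(root):
    """Stand-in for scanner indexing (assumption): skip any dot-prefixed path part."""
    root = Path(root)
    rels = (p.relative_to(root) for p in root.rglob("*") if p.is_file())
    return sorted(r.as_posix() for r in rels if not any(s.startswith(".") for s in r.parts))

def demo():
    """Build a constructed repo and SARIF report, then run the three steps."""
    sarif = {"version": "2.1.0", "runs": [{"results": [{
        "ruleId": "EXAMPLE-RULE",  # constructed rule id
        "locations": [{"physicalLocation": {"artifactLocation":
            {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 3}}}]}]}]}
    with tempfile.TemporaryDirectory() as root:
        wf = Path(root, ".github", "workflows")
        wf.mkdir(parents=True)
        (wf / "ci.yml").write_text("on: push\n")
        before = indexed_files(root)
        with dot_dir_exposed(root):
            during = indexed_files(root)  # the real analysis would run here
            patched, changed = rewrite_sarif_uris(sarif)
        restored = (wf / "ci.yml").is_file()
    return before, during, patched, changed, restored
```

The `finally` clause matters in a pipeline: if the analysis step fails, the workflow directory is still put back under its original name.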

Our team has discovered that there’s a potential for external attacks within the definition files of GitHub Actions. We have implemented dedicated scanning support for this aspect. Since the GitHub Actions definition files are located in the .github/workflows directory, we need to scan and display the contents of this location.

2 Likes