Trouble importing SARIF reports

Mikaciu · January 5, 2023, 9:13am

BTW, for trivy, the sarif import cannot be imported because the region looks like this :

                "region": {
                  "startLine": 17,
                  "startColumn": 1,
                  "endLine": 17,
                  "endColumn": 1
                }

If the startColumn and endColumn keys are removed, the issue does not appear anymore (though the SQ issue will be targeted towards the whole line). To do this :

          temporary_report=`mktemp`
          report_path="trivy.sarif"
          cat "${report_path}" > "${temporary_report}"
          jq '.runs[].tool.driver.name="del(.runs[].results[].locations[].physicalLocation.region.startColumn,.runs[].results[].locations[].physicalLocation.region.endColumn)' "${temporary_report}" > "${report_path}"

Topic		Replies	Views
Duplicated SARIF reports on an Azure Pipelines windows agent SonarQube Server / Community Build msbuild , scanner , sarif	2	624	February 16, 2023
SARIF report import - unable to see source context? SonarQube Server / Community Build	12	1089	October 4, 2023
Import Sarif report - source context not matching SonarQube Server / Community Build sarif , sonarqube-cloud	9	105	December 12, 2024
Import of Sarif report not working - this.bases is null SonarQube Server / Community Build scanner , reports , sarif	13	652	May 24, 2024
SARIF import failing with sonar-scanner-cli:5.0.1 SonarQube Server / Community Build scanner , sarif	5	62	October 1, 2024

Trouble importing SARIF reports

Related topics