Skip to content

Add runCognium.sh script for OWASP Benchmark scoring#453

Open
coggiyadmin wants to merge 1 commit intoOWASP-Benchmark:masterfrom
coggiyadmin:add-cognium-script
Open

Add runCognium.sh script for OWASP Benchmark scoring#453
coggiyadmin wants to merge 1 commit intoOWASP-Benchmark:masterfrom
coggiyadmin:add-cognium-script

Conversation

@coggiyadmin
Copy link
Copy Markdown

@coggiyadmin coggiyadmin commented Apr 22, 2026

Adds a script to scan BenchmarkJava with Cognium and produce a SARIF result file compatible with the BenchmarkUtils Cognium reader.

Install: npm install -g cognium

@claude
Add runCognium.sh script for OWASP Benchmark scoring
428a0f5 
Adds a script to scan BenchmarkJava with Cognium and produce a SARIF
result file compatible with the BenchmarkUtils Cognium reader.

Install: npm install -g cognium

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@davewichers
Copy link
Copy Markdown
Contributor

davewichers commented Apr 22, 2026

@darkspirit510 - Can you use this script to generate a results file and test against the reader he created in BenchmarkUtils and if all good, let me know and I can merge both.

@coggiyadmin coggiyadmin mentioned this pull request Apr 22, 2026
Open
@darkspirit510
Copy link
Copy Markdown
Contributor

darkspirit510 commented Apr 24, 2026

@coggiyadmin first attempt failed with

scripts/runCognium.sh                                                                                                                                         [22:14:00]
✔ Scanned 2766 file(s)
✖ Analysis failed
ENAMETOOLONG: name too long, open 'results/Benchmark_Downloading from central: https://repo.maven.apache.org/maven2/com/internetitem/maven-metadata.xml
Downloading from central: https://repo.maven.apache.org/maven2/com/github/spotbugs/maven-metadata.xml
Downloading from central: https://repo.maven.apache.org/maven2/com/h3xstream/findsecbugs/maven-metadata.xml
Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/cargo/maven-metadata.xml
Downloaded from central: https://repo.maven.apache.org/maven2/com/github/spotbugs/maven-metadata.xml (240 B at 462 B/s)
Downloading from central: https://repo.maven.apache.org/maven2/org/jasig/mojo/jspc/maven-metadata.xml
Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/cargo/maven-metadata.xml (234 B at 448 B/s)
Downloading from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/maven-metadata.xml
Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-metadata.xml
Downloaded from central: https://repo.maven.apache.org/maven2/org/jasig/mojo/jspc/maven-metadata.xml (228 B at 4.8 kB/s)
Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/maven-metadata.xml
Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-metadata.xml (14 kB at 461 kB/s)
Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/maven-metadata.xml (21 kB at 397 kB/s)
Downloaded from central: https://repo.maven.apache.org/maven2/com/internetitem/maven-metadata.xml (408 B at 563 B/s)
1.2-cognium-v1.6.9.sarif'

second attempt worked. Any idea what might be the reason?

@darkspirit510
Copy link
Copy Markdown
Contributor

darkspirit510 commented Apr 24, 2026

Okay, Mac disk was full, maybe this was the reason.

General question: Why do I have to install this as global package? Do you plan to offer this as Docker container?

@coggiyadmin
Copy link
Copy Markdown
Author

coggiyadmin commented Apr 24, 2026

@darkspirit510 Unfortunately we dont have docker image, It is in our roadmap, we plan to release them in the future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@coggiyadmin @davewichers @darkspirit510