feat(report): add location.message to SARIF output (#3002) #3003
@candrews thanks for your PR!
I think I'm finished. I'm having trouble running the tests myself (tinygo is broken in Fedora 37 so I haven't been able to use it), sorry for the noise :(
Signed-off-by: Craig Andrews <candrews@integralblue.com>
@afdesk can this be merged now? If not, please let me know what I can do and I'll get right on it - thank you!
@candrews thanks!
Thank you!
@candrews could you give me some advice?
So GitHub at least knows about this field. I don't know exactly how it will present it in the UI. FWIW, I'm working on improving SARIF support in general. I'm not testing / developing against GitHub. My use case involves a different tool.
@candrews thanks! it's ok, I understand your point.
Thanks
Description
SARIF allows a "message" to be provided for a location and that can have more useful information. See:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317675
It would be helpful to set this property so SARIF consumers can display better information. It would be particularly nice if Trivy includes the file and the package name and version (ex, pom.xml:org.yaml:snakeyaml@1.30).
Related issues
Checklist
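The location message requested in the description above, sketched as an added example that is not part of this pull request or Trivy's code: a producer sets `message.text` on a SARIF 2.1.0 location, and a consumer prefers it but falls back to the artifact URI for reports that omit it. The struct subset and the helper names `BuildLocation` and `Describe` are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of the SARIF 2.1.0 location object; only the fields used here.
type Message struct{ Text string `json:"text"` }
type ArtifactLocation struct{ URI string `json:"uri"` }
type PhysicalLocation struct{ ArtifactLocation ArtifactLocation `json:"artifactLocation"` }
type Location struct {
	PhysicalLocation PhysicalLocation `json:"physicalLocation"`
	Message          *Message         `json:"message,omitempty"` // optional in SARIF
}

// BuildLocation is a hypothetical producer-side helper (not Trivy's code).
// It sets message.text to "<file>:<package>@<version>", as the description suggests.
func BuildLocation(file, pkg, version string) Location {
	loc := Location{PhysicalLocation: PhysicalLocation{ArtifactLocation: ArtifactLocation{URI: file}}}
	if pkg != "" {
		text := file + ":" + pkg
		if version != "" {
			text += "@" + version
		}
		loc.Message = &Message{Text: text}
	}
	return loc
}

// Describe is a hypothetical consumer-side helper: prefer location.message,
// fall back to the artifact URI for reports that do not set the field.
func Describe(raw []byte) (string, error) {
	var loc Location
	if err := json.Unmarshal(raw, &loc); err != nil {
		return "", err
	}
	if loc.Message != nil && loc.Message.Text != "" {
		return loc.Message.Text, nil
	}
	return loc.PhysicalLocation.ArtifactLocation.URI, nil
}

func main() {
	out, _ := json.MarshalIndent(BuildLocation("pom.xml", "org.yaml:snakeyaml", "1.30"), "", "  ")
	fmt.Println(string(out))
}
```

Because `message` is optional on a location, a consumer that reads it unconditionally will break on older reports; the fallback in `Describe` keeps both report shapes usable.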