Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added sarif template #558

Merged
merged 7 commits into from
Jul 17, 2020
Merged

Added sarif template #558

merged 7 commits into from
Jul 17, 2020

Conversation

rahul2393
Copy link
Contributor

@rahul2393
Copy link
Contributor Author

@knqyf263 kindle review

@knqyf263 knqyf263 requested a review from simar7 July 12, 2020 05:16
@knqyf263
Copy link
Collaborator

@simar7 Could you review this PR? We need to upload a SARIF file to GitHub actually and check how it looks on the UI.

simar7
simar7 requested changes Jul 13, 2020
View reviewed changes
contrib/sarif.tpl Outdated Show resolved Hide resolved
contrib/sarif.tpl Outdated Show resolved Hide resolved
contrib/sarif.tpl Show resolved Hide resolved
contrib/sarif.tpl Outdated Show resolved Hide resolved
@simar7
Copy link
Member

simar7 commented Jul 13, 2020

Is this valid SARIF? For me it doesn't pass the validator checks. You can try this here https://sarifweb.azurewebsites.net/Validation

image

I think you could also use a simple JSON validator as it should pass that too.

@simar7
Copy link
Member

simar7 commented Jul 13, 2020

Furthermore, could you also add a test that would exercise this template? You can see an example here

trivy/integration/client_server_test.go

Lines 78 to 87 in aa20adb

{
name: "alpine 3.10 integration with gitlab template",
testArgs: args{
Format: "template",
TemplatePath: "@../contrib/gitlab.tpl",
Version: "dev",
Input: "testdata/fixtures/alpine-310.tar.gz",
},
golden: "testdata/alpine-310.gitlab.golden",
},

@rahul2393
Copy link
Contributor Author

@simar7 fixed all comments, also validated the final output in Sarif validator
Screenshot 2020-07-16 at 9 17 57 AM

@simar7 simar7 self-requested a review July 17, 2020 18:08
@simar7 simar7 merged commit 43085a8 into aquasecurity:master Jul 17, 2020
liamg pushed a commit that referenced this pull request Jun 7, 2022
@rahul2393
Added sarif template (#558)
000391c 
* Added sarif template

* Updated readme

* fixed tests

* Added integration tests and fixed all sarif validations issues

* Added tests for endWithPeriod

* Fixed tests, and added sarif golden file

* removed optional newline sequence
liamg pushed a commit that referenced this pull request Jun 20, 2022
chore(deps): update defsec (#558)
429b2c7 
* chore(deps): update defsec
* fix: update tests with changes
* fix test
* fix: lint fixes

Signed-off-by: Owen Rumney <owen.rumney@aquasec.com>
josedonizetti pushed a commit to josedonizetti/trivy that referenced this pull request Jun 24, 2022
@liamg
fix: Fix rego scanning of cloudformation with custom policies (aquase…
449204f 
…curity#558)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simar7 simar7 simar7 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@rahul2393 @knqyf263 @simar7