Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(sarif): add fix object in generated reports #1184

Merged
merged 5 commits into from Apr 20, 2023
Merged

feat(sarif): add fix object in generated reports #1184

merged 5 commits into from Apr 20, 2023

Conversation

HollowMan6
Copy link
Contributor

Overview

Add the fix object in Kubescape generated SARIF reports to reflect the available fixes generated by Kubescape.

The fix object represents a proposed fix for the problem indicated by the Result. It specifies a set of artifacts to modify. For each artifact, it specifies regions to remove, and provides new content to insert.

Additional Information

Although there maybe no instant benefit for this addition, hopefully there will be some in the future, as I have submitted a feature request at GitHub for supporting the fix object for their Code Scanning Tool: https://github.com/orgs/community/discussions/52156

How to Test

kubescape test.yaml --format sarif

Example yaml file and generated sarif file packed in the zip file:
test.zip

Related issues/PRs:

Here you add related issues and PRs.
If this resolved an issue, write "Resolved #

e.g. If this PR resolves issues 1 and 2, it should look as follows:

@dwertent dwertent requested a review from vladklokun April 7, 2023 06:16
@HollowMan6
feat(sarif): add fix object in generated reports
4de50f8 
Signed-off-by: Hollow Man <hollowman@opensuse.org>
@HollowMan6
S1023: redundant break statement (gosimple)
19ca590 
Signed-off-by: Hollow Man <hollowman@opensuse.org>
@HollowMan6
Add unit testcase
539b6c5 
Signed-off-by: Hollow Man <hollowman@opensuse.org>
@HollowMan6
Add more error check
0b8d207 
Signed-off-by: Hollow Man <hollowman@opensuse.org>
@HollowMan6
nit
5c1a41e 
Signed-off-by: Hollow Man <hollowman@opensuse.org>
@HollowMan6
Copy link
Contributor Author

An updated that I have created a workflow which add Static Analysis Results Interchange Format (SARIF) support for reviewdog by converting it into Reviewdog Diagnostic Format (RDFormat): HollowMan6/sarif4reviewdog#5

Now there's instant benefit for this addition if we get this merged.

@HollowMan6 HollowMan6 mentioned this pull request Apr 17, 2023
Merged
@matthyx
Copy link
Contributor

matthyx commented Apr 18, 2023

Awesome thanks!
cc @dwertent can you have a look?

@dwertent dwertent merged commit b017d77 into kubescape:master Apr 20, 2023
7 checks passed
@HollowMan6 HollowMan6 deleted the sarif-fix branch May 1, 2023 13:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dwertent dwertent dwertent approved these changes

@vladklokun vladklokun Awaiting requested review from vladklokun

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add fix object in Kubescape generated SARIF reports when available
3 participants
@HollowMan6 @matthyx @dwertent