You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- sarif import now supports VersionControlProvenance and imports it as
version control element (if not already done)
- improved SarifImportProductWorkaroundSupport: visit mechanism now
generic
- GitleaksSarifImportWorkaround can now resolve finding revision ids
Situation
With
SecHub and Sereco provide revision information at findings.
But its currently not filled for secret scans.
Wanted
The revision information shall be set to Sereco model while importing Sarif for secret scans
Solution
SarifV1JSONImporter
to handle run content for firstVersionControlDetails
insideVersionControlProvenance
( see https://docs.oasis-open.org/sarif/sarif/v2.1.0/csprd01/sarif-v2.1.0-csprd01.html#_Toc10541040)GitleaksSarifImportWorkaround
to handle partial finger printsSee
and
The text was updated successfully, but these errors were encountered: