[SARIF Multitool] merge command generates SARIF with multiple runs #2488

Open
eddynaka opened this issue Jun 15, 2022 · 3 comments

Comments

@eddynaka
Collaborator

How to simulate:

Use the attached example.zip and execute the command: sarif merge *.sarif --output-file merged.sarif --force

Current behavior:

The merged SARIF file creates one run with one rule for each distinct rules/results/tool you have in the SARIF.

Expected behavior:

The merged SARIF should contain:

  • multiple runs if we have multiple versions of tools
  • single run if we have multiple SARIFs with the same tool/versioning but different results
@eddynaka
Collaborator Author

@marmegh this is one of the issues that I saw when running the E2E pipeline.

@marmegh
Contributor

marmegh commented Jul 5, 2022

@yongyan-gh, this is one of the issues discussed today.
cc: @EasyRhinoMSFT, @shaopeng-gh

@yongyan-gh
Collaborator

There is a command argument, merge-runs, for the merge command, which is to merge multiple runs by the same tool + version. But it's not working properly.

    [Option(
        "merge-runs",
        HelpText = "Merge runs of the same tool + verion combination (requires " +
                   "eliding run-specific details such as invocations data.")]
    public bool MergeRuns { get; set; }

So I created the fix PR based on the assumption:

  • By default, the merge command merges multiple runs by rule id + tool + version.
  • If merge-runs argument is set, the merge command merges multiple runs by tool + version.

Please review the detailed fix in the PR.

Thanks

This was referenced Feb 21, 2023
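
The two grouping keys described in the last comment, as an added example that is not part of the thread and is not sarif-sdk code. It works directly on SARIF 2.1.0 JSON; `merge_logs`, `make_log`, `summarize` and the `ToolA`/`R1`/`R2` sample data are constructed for illustration.

```python
def merge_logs(logs, merge_runs=False):
    """Group results by (tool, version, rule id), or by (tool, version)
    when merge_runs is set, following the assumption stated in the thread."""
    groups = {}  # dicts keep insertion order, so output run order is stable
    for log in logs:
        for run in log.get("runs", []):
            drv = run.get("tool", {}).get("driver", {})
            tool_key = (drv.get("name"), drv.get("version"))
            rules_by_id = {r["id"]: r for r in drv.get("rules", [])}
            # A run without results contributes nothing in this sketch.
            for result in run.get("results", []):
                rule_id = result.get("ruleId")
                key = tool_key if merge_runs else tool_key + (rule_id,)
                out = groups.setdefault(key, {
                    "tool": {"driver": {"name": tool_key[0],
                                        "version": tool_key[1], "rules": []}},
                    "results": [],
                })
                rules = out["tool"]["driver"]["rules"]
                if rule_id in rules_by_id and all(r["id"] != rule_id for r in rules):
                    rules.append(rules_by_id[rule_id])
                # ruleIndex pointed into the source run's rules array; drop it
                # instead of carrying a stale index into the merged run.
                out["results"].append(
                    {k: v for k, v in result.items() if k != "ruleIndex"})
    return {"version": "2.1.0", "runs": list(groups.values())}

def make_log(name, version, rule_ids):
    """Constructed sample input: one run with one result per rule id."""
    return {"version": "2.1.0", "runs": [{
        "tool": {"driver": {"name": name, "version": version,
                            "rules": [{"id": r} for r in rule_ids]}},
        "results": [{"ruleId": r, "ruleIndex": i, "message": {"text": "sample"}}
                    for i, r in enumerate(rule_ids)],
    }]}

# Same tool and version twice, plus a second version of the same tool.
SAMPLE_LOGS = [make_log("ToolA", "1.0.0", ["R1", "R2"]),
               make_log("ToolA", "1.0.0", ["R2"]),
               make_log("ToolA", "2.0.0", ["R1"])]

def summarize(log):
    """(tool name, tool version, result count) for each run in a log."""
    return [(r["tool"]["driver"]["name"], r["tool"]["driver"]["version"],
             len(r["results"])) for r in log["runs"]]

if __name__ == "__main__":
    print("default:   ", summarize(merge_logs(SAMPLE_LOGS)))
    print("merge-runs:", summarize(merge_logs(SAMPLE_LOGS, merge_runs=True)))
```

Running `summarize` over a real merged.sarif (loaded with `json.load`) gives a quick check of whether any tool + version pair appears in more than one run.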