Open
Description
Hello expert,
I am trying to upload a SARIF file generated by a Trivy scan. Although the SARIF file is generated, the upload of the file to the Security tab failed with the message:
```
Run github/codeql-action/upload-sarif@v3
  with:
    sarif_file: trivy_report.sarif
    checkout_path: /home/runner/work/aws-htc-grid/aws-htc-grid
    token: ***
    matrix: null
    wait-for-processing: true
  env:
    TRIVY_REPORT_FILE: trivy_report.sarif
    ACTIONS_STEP_DEBUG: true
Uploading results
  Processing sarif files: ["trivy_report.sarif"]
  Validating trivy_report.sarif
  Combining SARIF files using the CodeQL CLI
  Adding fingerprints to SARIF file. See https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs for more information.
  Uploading results
  Successfully uploaded results
Waiting for processing to finish
  Analysis upload status is pending.
  Analysis upload status is failed.
Error: Code Scanning could not process the submitted SARIF file:
locationFromSarifResult: expected artifact location
```
Do you have any clues as to what could be wrong with my SARIF files or how to improve observability of the action?
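
A pre-upload check for the condition the error message names, added here as an example (it is not part of the original issue and is not code from codeql-action or Trivy). It assumes the message refers to results whose `locations` entries lack `physicalLocation.artifactLocation.uri`; the function name and the sample document are constructed for illustration.

```python
import json
import sys

# Constructed sample, not the reporter's trivy_report.sarif.
SAMPLE = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "EXAMPLE-0001", "message": {"text": "ok"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "Dockerfile"},
                 "region": {"startLine": 1}}}]},
            {"ruleId": "EXAMPLE-0002", "message": {"text": "no locations"}},
            {"ruleId": "EXAMPLE-0003", "message": {"text": "logical only"},
             "locations": [{"logicalLocations": [{"name": "libexample"}]}]},
        ],
    }],
}


def results_without_artifact_location(sarif):
    """Return (run_idx, result_idx, ruleId, reason) for every result that has
    no location, or a location without physicalLocation.artifactLocation.uri.
    Index-only artifact locations are flagged too (assumption: a uri is expected)."""
    findings = []
    for run_idx, run in enumerate(sarif.get("runs") or []):
        for res_idx, result in enumerate(run.get("results") or []):
            rule = result.get("ruleId")
            locations = result.get("locations") or []
            if not locations:
                findings.append((run_idx, res_idx, rule, "no locations"))
                continue
            for loc_idx, loc in enumerate(locations):
                phys = loc.get("physicalLocation") or {}
                if not (phys.get("artifactLocation") or {}).get("uri"):
                    reason = f"locations[{loc_idx}] has no artifactLocation.uri"
                    findings.append((run_idx, res_idx, rule, reason))
    return findings


if __name__ == "__main__":
    doc = SAMPLE
    if len(sys.argv) > 1:  # path to a SARIF file, e.g. the scan report
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    problems = results_without_artifact_location(doc)
    for run_idx, res_idx, rule, reason in problems:
        print(f"runs[{run_idx}].results[{res_idx}] ({rule}): {reason}")
    sys.exit(1 if problems else 0)
```

Run as a workflow step before the upload, the non-zero exit code stops the job at the offending result instead of at the asynchronous processing stage.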