Error: Unable to upload "gosec-results.sarif" as it is not valid SARIF

[maryamtahhan]

We've been having consistent failures with our gosec github workflow since updating from 2.20.0 to any newer versions:

https://github.com/sustainable-computing-io/kepler/actions/runs/11015749623/job/30589569438#step:5:5058

Going to revery back to 2.20.0 but not sure why this is still failing...

[ccojocar]

I see that your workflow used the v2.21.2 version of the gosec action. You need to use the @master version of the action which uses the gosec v2.21.3 underneath. This was fixed and this is a test pull request which updates successfully the SARIF file #1228.

[maryamtahhan]

We were tracking master: https://github.com/sustainable-computing-io/kepler/actions/runs/10783384527/job/29905195797

That's when the failures started. I reverted to 2.20.0 as this was the last stable release we had https://github.com/sustainable-computing-io/kepler/pull/1778/files

[ccojocar]

@maryamtahhan This is not master:

You use the 2.21.2 version of the action which underneath uses 2.21.1 version of gosec. You need to use the @master version of the GitHub action if you want to have it working.

[maryamtahhan]

thanks @ccojocar for getting back to me. If you expand Run Gosec Security Scanner in that same job, you should see Run securego/gosec@master

I will try the latest master again, hopefully it will work

[maryamtahhan]

Thanks - Latest master is working https://github.com/sustainable-computing-io/kepler/actions/runs/11048752021/job/30692810903