Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SARIF output not compatible with GitHub #1518

Closed
stevehipwell opened this issue Sep 25, 2023 · 2 comments · Fixed by #1563 or #1838
Closed

SARIF output not compatible with GitHub #1518

stevehipwell opened this issue Sep 25, 2023 · 2 comments · Fixed by #1563 or #1838
Assignees
@spiffcs
Labels
bug Something isn't working

Comments

@stevehipwell
Copy link

What happened:
Since the v0.68.1 (possibly the v0.68.0) release the SARIF output is no longer compatible with GitHub via the github/codeql-action/upload-sarif action.

Uploading results
Error: Invalid request.

1 item required; only 0 were supplied.
RequestError [HttpError]: Invalid request.

1 item required; only 0 were supplied.

What you expected to happen:
SARIF files generated from Grype should be compatible with GitHub.

How to reproduce it (as minimally and precisely as possible):

Scan an OCI image with Grype and set the output to SARIF, then attempt to upload it to the GitHub CodeQL endpoint.

Anything else we need to know?:

n/a

Environment:

  • Output of grype version: grype 0.69.0
  • OS (e.g: cat /etc/os-release or similar): Ubuntu 22.04 (GH Runner)
@stevehipwell stevehipwell added the bug Something isn't working label Sep 25, 2023
@willmurphyscode willmurphyscode self-assigned this Sep 26, 2023
@spiffcs
Copy link
Contributor

spiffcs commented Sep 26, 2023

👋 Thanks for the report @stevehipwell - looks like the $Schema field is still using the old rtm version right before it was finalized in 2.1.0. I've filed a PR with our upstream so hope to get this fixed in Grype relatively soon:

owenrumney/go-sarif#69

@spiffcs spiffcs moved this to In Review in OSS Sep 26, 2023
@spiffcs spiffcs assigned spiffcs and unassigned willmurphyscode Sep 26, 2023
@stevehipwell
Copy link
Author

Thanks @spiffcs, I thought that might be the issue based on validating the file but wasn't certain.

@spiffcs spiffcs mentioned this issue Oct 17, 2023
Merged
@github-project-automation github-project-automation bot moved this from In Review to Done in OSS Oct 17, 2023
@chenrui333 chenrui333 mentioned this issue Oct 21, 2023
Merged
@some-natalie some-natalie mentioned this issue Nov 7, 2023
Merged
2 tasks
@kzantow kzantow reopened this May 1, 2024
@kzantow kzantow closed this as completed May 1, 2024
@kzantow kzantow mentioned this issue May 1, 2024
Merged
@BrewTestBot BrewTestBot mentioned this issue May 1, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spiffcs spiffcs

Labels
bug Something isn't working
Projects
OSS
Archived in project
Milestone
No milestone
4 participants
@kzantow @stevehipwell @willmurphyscode @spiffcs