🐛 keep SARIF runs and rules for exempted checks, only skip the results. (#4153)
* keep runs and rules for exempted checks, only skip the results. Signed-off-by: Spencer Schrock <sschrock@google.com> * update test Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>
This commit is contained in:
parent
5ef9831b91
commit
da0f2b4ebc
12
pkg/sarif.go
12
pkg/sarif.go
@ -627,13 +627,6 @@ func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel log.Level,
|
||||
for _, check := range r.Checks {
|
||||
check := check
|
||||
|
||||
// SARIF output triggers GitHub security alerts for a repository.
|
||||
// For annotated checks, we don't want to send alerts.
|
||||
exempted, _ := check.IsExempted(r.Config)
|
||||
if exempted {
|
||||
continue
|
||||
}
|
||||
|
||||
doc, err := checkDocs.GetCheck(check.Name)
|
||||
if err != nil {
|
||||
return sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("GetCheck: %v: %s", err, check.Name))
|
||||
@ -677,6 +670,11 @@ func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel log.Level,
|
||||
continue
|
||||
}
|
||||
|
||||
// Skip checks that are annotated
|
||||
if exempted, _ := check.IsExempted(r.Config); exempted {
|
||||
continue
|
||||
}
|
||||
|
||||
// Unclear what to use for PartialFingerprints.
|
||||
// GitHub only uses `primaryLocationLineHash`, which is not properly defined
|
||||
// and Appendix B of https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html
|
||||
|
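Review bot: The comment on the moved skip, `// Skip checks that are annotated`, drops the rationale the removed block carried, and the second return value of `check.IsExempted(r.Config)` is still discarded with `_`. Because this branch is what decides whether a GitHub security alert is suppressed, the why belongs next to it; suggest `// SARIF results trigger GitHub security alerts. Annotated (exempted) checks keep their rule entry above but emit no result, so no alert is raised for them.` If the second return is an error, falling through to "not exempted" on failure is the conservative default, but it should be written as `exempted, err := check.IsExempted(r.Config)` with an explicit decision on err rather than left implicit. Both hunks sit inside AsSARIF, whose body begins before the first hunk and continues past the second, so whether the new check runs once per check or per inner-loop iteration is not visible here; if it is the latter, computing it once before the loop would avoid repeating the config lookup.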
@ -229,7 +229,7 @@ func TestSARIFOutput(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "check-1 annotations",
|
||||
name: "annotated check defined but no results",
|
||||
showDetails: true,
|
||||
showAnotations: true,
|
||||
expected: "./testdata/check1_annotations.sarif",
|
||||
|
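--- a/pkg/testdata/check1_annotations.sarif
+++ b/pkg/testdata/check1_annotations.sarif
@@ -1,5 +1,48 @@
 {
 "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
 "version": "2.1.0",
-"runs": []
+"runs": [
+{
+"automationDetails": {
+"id": "supply-chain/local/ccbc59901773ab4c051dfcea0cc4201a1567abdd-17 Aug 21 18:57 +0000"
+},
+"tool": {
+"driver": {
+"name": "Scorecard",
+"informationUri": "https://github.com/ossf/scorecard",
+"semanticVersion": "1.2.3",
+"rules": [
+{
+"id": "CheckNameID",
+"name": "Check-Name",
+"helpUri": "https://github.com/ossf/scorecard/blob/main/docs/checks.md#check-name",
+"shortDescription": {
+"text": "Check-Name"
+},
+"fullDescription": {
+"text": "short description"
+},
+"help": {
+"text": "short description",
+"markdown": "**Remediation (click \"Show more\" below)**:\n\n- not-used1\n\n- not-used2\n\n\n\n**Severity**: High\n\n\n\n**Details**:\n\nlong description\n\n other line"
+},
+"defaultConfiguration": {
+"level": "error"
+},
+"properties": {
+"precision": "high",
+"problem.severity": "error",
+"security-severity": "7.0",
+"tags": [
+"tag1",
+"tag2"
+]
+}
+}
+]
+}
+},
+"results": []
+}
+]
 }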