Outputted SARIF file cannot be uploaded to Github Advanced Security
meriouma opened this issue · 0 comments
meriouma commented
Description
I'm running Dockle on a Docker image, using -f sarif -o output.sarif, and then I'm using the action github/codeql-action/upload-sarif to upload the file to GHAS. The action fails to upload the file. I believe Dockle doesn't provide the location field in the result.
What did you expect to happen?
I should be able to upload the output.sarif file to GHAS.
What happened instead?
The upload-sarif action reports this error:
Error: Code Scanning could not process the submitted SARIF file:
locationFromSarifResult: expected at least one location,locationFromSarifResult: expected at least one location,
at Object.waitForProcessing (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:334:19)
at async run (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:60:13)
at async runWrapper (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:75:9)
Output of dockle -v:
Using Docker image : goodwithtech/dockle:v0.4.6
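
Added example, not part of the original issue and not Dockle or codeql-action code: a pre-upload check that lists SARIF results whose locations array is missing or empty, the condition named in the error above, and can fill in a fallback location. The sample document, its rule IDs and the Dockerfile fallback path are constructed assumptions.

```python
import copy
import json

# Constructed sample shaped like the failing upload: one result without
# "locations", one with an empty list, one that already has a location.
SAMPLE_SARIF = json.loads("""
{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "example-scanner"}},
    "results": [
      {"ruleId": "EXAMPLE-0001", "message": {"text": "no locations key"}},
      {"ruleId": "EXAMPLE-0002", "message": {"text": "empty list"}, "locations": []},
      {"ruleId": "EXAMPLE-0003", "message": {"text": "has a location"},
       "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}}}]}
    ]
  }]
}
""")


def results_without_location(sarif):
    """Return (run_index, result_index, ruleId) for every result with no location."""
    missing = []
    for r_idx, run in enumerate(sarif.get("runs", [])):
        # "results" may be absent or null in a SARIF run.
        for res_idx, result in enumerate(run.get("results") or []):
            if not result.get("locations"):
                missing.append((r_idx, res_idx, result.get("ruleId")))
    return missing


def add_fallback_location(sarif, uri="Dockerfile", line=1):
    """Return a copy in which each location-less result points at uri:line.

    The fallback path and line are assumptions; choose a file that exists
    in the repository the results are uploaded for.
    """
    patched = copy.deepcopy(sarif)
    fallback = {"physicalLocation": {"artifactLocation": {"uri": uri},
                                     "region": {"startLine": line}}}
    for r_idx, res_idx, _ in results_without_location(patched):
        patched["runs"][r_idx]["results"][res_idx]["locations"] = [copy.deepcopy(fallback)]
    return patched


if __name__ == "__main__":
    for run_i, res_i, rule in results_without_location(SAMPLE_SARIF):
        print(f"runs[{run_i}].results[{res_i}] ({rule}): no location")
```

Running the check as a workflow step before the upload surfaces the offending results by index and rule ID instead of the processing error.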