goodwithtech/dockle

Outputted SARIF file cannot be uploaded to GitHub Advanced Security

meriouma opened this issue · 0 comments

Description
I'm running Dockle on a Docker image, using -f sarif -o output.sarif, and then I'm using the action github/codeql-action/upload-sarif to upload the file to GHAS. The action fails to upload the file. I believe Dockle doesn't provide the location field in the result.

What did you expect to happen?
I should be able to upload the output.sarif file to GHAS.

What happened instead?
The upload-sarif action reports this error:

Error: Code Scanning could not process the submitted SARIF file:
locationFromSarifResult: expected at least one location,locationFromSarifResult: expected at least one location,
    at Object.waitForProcessing (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:334:19)
    at async run (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:60:13)
    at async runWrapper (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:75:9)

Output of dockle -v:
Using Docker image : goodwithtech/dockle:v0.4.6
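
A pre-upload check for the condition in the error above ("expected at least one location"), added here as an example and not part of the original issue or of Dockle or codeql-action. The sample SARIF, the rule ids and the placeholder location (`Dockerfile`, line 1) are constructed assumptions; the placeholder does not say where a finding really lives.

```python
import copy
import json

# Constructed sample: a minimal SARIF 2.1.0 log with one result that has no
# "locations" and one that has a location. Tool name and rule ids are made up.
SAMPLE_SARIF = json.loads("""
{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "example-scanner"}},
    "results": [
      {"ruleId": "EXAMPLE-0001", "message": {"text": "finding without a location"}},
      {"ruleId": "EXAMPLE-0002", "message": {"text": "finding with a location"},
       "locations": [{"physicalLocation": {
           "artifactLocation": {"uri": "Dockerfile"},
           "region": {"startLine": 3}}}]}
    ]
  }]
}
""")


def results_missing_locations(sarif):
    """Return (run index, result index, ruleId) for each result with no location."""
    missing = []
    for r, run in enumerate(sarif.get("runs", [])):
        for i, result in enumerate(run.get("results") or []):
            if not result.get("locations"):  # key absent, null, or empty list
                missing.append((r, i, result.get("ruleId")))
    return missing


# Assumption of this example: uri and line are caller-chosen placeholders.
def add_placeholder_location(sarif, uri="Dockerfile", line=1):
    """Return a copy in which each location-less result points at uri:line."""
    patched = copy.deepcopy(sarif)  # leave the scanner's original output untouched
    for r, i, _ in results_missing_locations(patched):
        patched["runs"][r]["results"][i]["locations"] = [{
            "physicalLocation": {
                "artifactLocation": {"uri": uri},
                "region": {"startLine": line},
            }
        }]
    return patched


if __name__ == "__main__":
    print(results_missing_locations(SAMPLE_SARIF))
    print(results_missing_locations(add_placeholder_location(SAMPLE_SARIF)))
```

Run as a workflow step between the scan and the upload, `results_missing_locations` lets the job fail with the offending rule ids instead of the opaque processing error.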