veracode/veracode-pipeline-scan-results-to-sarif

Enable support for Veracode flaw_match data to be added to the SARIF output to prevent duplicate alerts

githubrlloyd opened this issue 4 years ago · 2 comments

githubrlloyd commented 4 years ago

Need to add fingerprint data using the flaw_match data from the Pipeline scan results to prevent duplicate alerts

https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/sarif-support-for-code-scanning#preventing-duplicate-alerts-using-fingerprints

jonjanego commented 4 years ago

This probably is the right value to use: https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html#_Toc16012611

githubrlloyd commented 4 years ago

This has been addressed with a pull request that added partial fingerprints to the SARIF output