This repository was archived by the owner on May 24, 2025. It is now read-only.

Commit 9d0ad88

Make sure 'runs.results' field is never 'null' in SARIF report
This sets the 'runs.results' field to an empty array in the resulting SARIF if the container scan returned no vulnerabilities or best-practice violations. Otherwise, the SARIF report is considered invalid by the 'upload-sarif' GitHub Action.
1 parent 165284e commit 9d0ad88


1 file changed

+5
-0
lines changed


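--- a/pkg/converter/converter.go
+++ b/pkg/converter/converter.go
@@ -38,6 +38,10 @@ func NewSarifReportFromContainerScanReport(containerScanReport containerscan.Rep
 containerImageNameToPathUri := toPathUri(containerScanReport.ImageName)
 var rulesMap = map[string]sarif.RunToolDriverRule{}
 var partialFingerPrintsMap = map[string]string{}
+
+nbVulns := len(containerScanReport.Vulnerabilities)
+nbPracticesViolations := len(containerScanReport.BestPracticeViolations)
+sarifReportRun.Results = make([]sarif.RunResult, 0, nbVulns+nbPracticesViolations)
 //Trivy Vulnerabilities
 for _, vulnerability := range containerScanReport.Vulnerabilities {
 var level string
@@ -161,6 +165,7 @@ func NewSarifReportFromContainerScanReport(containerScanReport containerscan.Rep
 }
 sarifReportRun.Results = append(sarifReportRun.Results, sarifRunResult)
 }
+
 sarifReportRun.Tool.Driver = sarifReportRunDriver
 rules := make([]sarif.RunToolDriverRule, 0, len(rulesMap))
 for _, rule := range rulesMap {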
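Review bot: The `make(...)` added at new line 44 has no comment saying it exists to keep `runs.results` serializing as `[]` rather than `null`, so a later cleanup back to a nil slice would quietly bring back the SARIF that `upload-sarif` rejects, and clean scans would stop reaching code scanning. I would put `// Results must be a non-nil slice: a nil slice serializes as null, which upload-sarif rejects.` directly above it. No test is visible in this commit; a regression test that converts a report with no vulnerabilities and no best-practice violations and checks the marshaled output for `"results":[]` would pin the behaviour. The blank line added at new line 168 is whitespace only and could be dropped. The function body starts and ends outside both hunks, so other writes to `sarifReportRun.Results` cannot be ruled out from here.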
