When outputting scans to a SARIF, and subsequently uploading this to GitHub Advanced Security, the code scanning alert doesn't show the image name and tag. This makes it a bit cumbersome to determine what the alert is for. A path is shown, but not to the Dockerfile or anything that aids in determining the corresponding image name+tag in a meaningful way.
So IFF the originating package file (e.g. requirements.txt) is:

- touched so it is part of the PR and
- can be referenced by the build

The alert will never be part of the PR. You will just get several alerts someone will have to triage at a later time.
I made a little line mapper POC (just hard-coded to pyproject.toml) and it works in a basic demo. I'm not sure all the variations that would have to be considered to make this more robust though (i.e. can it scale?)
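The two gaps raised in this thread (no image name+tag on the alert, and no line in the originating package file for the alert to attach to) can both be closed by post-processing the SARIF before upload. The following is an added example, not the scanner's or the POC author's code; it assumes the CI job knows the image reference and that the scanner puts the affected package name in `result.properties.package` (a constructed convention; real scanners put it elsewhere, so `package_of` is pluggable). The sample requirements file and SARIF document are constructed.

```python
import copy
import re
from typing import Callable, Optional

def _norm(name: str) -> str:
    # PEP 503 normalisation so "Requests" and "requests" compare equal.
    return re.sub(r"[-_.]+", "-", name).lower()

# A requirement line: name, optional extras, then a specifier, marker,
# comment or end of line. Options (-r, --index-url) and comments never match.
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(===|==|>=|<=|~=|!=|<|>|;|#|$)")

def map_package_to_line(requirements_text: str, package: str) -> Optional[int]:
    """Return the 1-based line of requirements.txt that declares `package`, or None."""
    want = _norm(package)
    for lineno, line in enumerate(requirements_text.splitlines(), start=1):
        m = _REQ.match(line)
        if m and _norm(m.group(1)) == want:
            return lineno
    return None

def annotate_sarif(sarif: dict, image_ref: str, requirements_path: str,
                   requirements_text: str, package_of: Callable[[dict], Optional[str]]) -> dict:
    """Prefix every result with the image ref and point it at the declaring line."""
    out = copy.deepcopy(sarif)  # leave the scanner's original document untouched
    for run in out.get("runs", []):
        for result in run.get("results", []):
            msg = result.setdefault("message", {})
            msg["text"] = f"[{image_ref}] " + msg.get("text", "")
            result.setdefault("properties", {})["imageRef"] = image_ref
            pkg = package_of(result)
            line = map_package_to_line(requirements_text, pkg) if pkg else None
            if line is not None:  # only relocate when the declaring line is known
                result["locations"] = [{"physicalLocation": {
                    "artifactLocation": {"uri": requirements_path},
                    "region": {"startLine": line}}}]
    return out

# Constructed sample inputs for a stand-alone run.
SAMPLE_REQUIREMENTS = "# constructed sample\n-r base.txt\nFlask[async]>=2.3\nrequests==2.31.0  # pinned\nurllib3\n"
SAMPLE_SARIF = {"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "example-scanner"}},
    "results": [{"ruleId": "EXAMPLE-0001", "message": {"text": "vulnerable python package"},
                 "properties": {"package": "Requests"}}]}]}

def package_from_properties(result: dict) -> Optional[str]:
    return result.get("properties", {}).get("package")

if __name__ == "__main__":
    annotated = annotate_sarif(SAMPLE_SARIF, "registry.example/app:1.4.2",
                               "requirements.txt", SAMPLE_REQUIREMENTS, package_from_properties)
    print(annotated["runs"][0]["results"][0])
```

With the location rewritten to a line in requirements.txt, the upload can be matched to a PR diff that touches that file, which is exactly the condition described above.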