
Commit 1446ff8

committed
Fix SARIF uri and add default value in README
1 parent 8bc0342 commit 1446ff8

5 files changed

+149
-139
lines changed


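--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ This action performs analysis on a specific container image and posts the result
 | `severity-at-least` | Filtering option to only report vulnerabilities with at least the specified severity. Can take `critical`, `high`, `medium`, `low`, `negligible` or `any`. Default value "any" for no filtering. For example, if `severity-at-least` is set to `medium`, only Medium, High or Critical vulnerabilities will be reported. | `any` |
 | `package-types` | Comma-separated list of package types to include in the report (e.g. `java,javascript`). Only vulnerabilities found in these types of packages will be included. If empty, no inclusion filter is applied. | |
 | `not-package-types` | Comma-separated list of package types to exclude from the report (e.g. `os`). Vulnerabilities found in these types of packages will be excluded. If empty, no exclusion filter is applied. | |
-| `exclude-accepted` | Set to `true` to exclude vulnerabilities that have accepted risks (`acceptedRisks`). Useful to focus only on unresolved findings. | |
+| `exclude-accepted` | Set to `true` to exclude vulnerabilities that have accepted risks (`acceptedRisks`). Useful to focus only on unresolved findings. | `false` |
 | `group-by-package` | Enable grouping the vulnerabilities in the SARIF report by package. Useful if you want to manage security per package or condense the number of findings. | |
 | `standalone` | Enable standalone mode. Do not depend on Sysdig backend for execution, avoiding the need of specifying 'sysdig-secure-token' and 'sysdig-secure-url'. Recommended when using runners with no access to the internet. May require to specify custom `cli-scanner-url` and `db-path`. | |
 | `db-path` | Specify the directory for the vulnerabilities database to use while scanning. Useful when running in standalone mode. | |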

dist/index.js

Lines changed: 6 additions & 2 deletions

dist/index.js.map

Lines changed: 1 addition & 1 deletion

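--- a/src/sarif.ts
+++ b/src/sarif.ts
@@ -202,7 +202,7 @@ function vulnerabilities2SARIFResByPackage(data: Report): [SARIFRule[], SARIFRes
 {
 physicalLocation: {
 artifactLocation: {
-uri: `file:///${data.result.metadata.pullString}`,
+uri: `file:///${sanitizeImageName(data.result.metadata.pullString)}`,
 uriBaseId: "ROOTPATH"
 }
 },
@@ -220,6 +220,12 @@ function vulnerabilities2SARIFResByPackage(data: Report): [SARIFRule[], SARIFRes
 }
 
 
+function sanitizeImageName(imageName: string) {
+// Replace / and : with -
+return imageName.replace(/[\/:]/g, '-');
+}
+
+
 function vulnerabilities2SARIFRes(data: Report): [SARIFRule[], SARIFResult[]] {
 let results: SARIFResult[] = [];
 let rules: SARIFRule[] = [];
@@ -275,7 +281,7 @@ function vulnerabilities2SARIFRes(data: Report): [SARIFRule[], SARIFResult[]] {
 {
 physicalLocation: {
 artifactLocation: {
-uri: data.result.metadata.pullString,
+uri: `file:///${sanitizeImageName(data.result.metadata.pullString)}`,
 uriBaseId: "ROOTPATH"
 }
 },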
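Review bot: The new `uri` values in the first and third hunks are absolute `file:///…` URIs yet still carry `uriBaseId: "ROOTPATH"`, which, as far as I recall the SARIF 2.1.0 spec (§3.4.4), is not allowed — `uriBaseId` is only meaningful for a relative `uri`, and consumers such as GitHub code scanning may reject the run or silently drop the base id. Either remove `uriBaseId` from both `artifactLocation` objects or keep it and emit the relative form `uri: sanitizeImageName(data.result.metadata.pullString),`. `sanitizeImageName` would also be clearer with an explicit `: string` return type and a TSDoc stating the intent rather than restating the regex, e.g. `/** Collapse an image pull string (registry/repo:tag) into a single path segment usable as a SARIF artifact URI; digest references keep their `@`. */` in place of `// Replace / and : with -`. Both `vulnerabilities2SARIFResByPackage` and `vulnerabilities2SARIFRes` start and end outside the hunks, so I cannot see whether the same location object is built elsewhere and should share a helper.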
