  1. Jenkins
  2. JENKINS-68079

SARIF Issue Severity Always Low


    • Type: Bug
    • Resolution: Fixed
    • Priority: Minor
    • Component/s: analysis-model
    • Labels: None
    • Environment: Jenkins 2.332.1
      Warnings Next Generation Plugin Version 9.11.1
      Analysis Model API Plugin Version 10.9.3

      I'm using a couple different static analysis tools, both of which produce valid SARIF files according to https://sarifweb.azurewebsites.net/Validation

      The SARIF files contain issues with their level set to "note", "warning", and "error", but the output from Warnings NG after running recordIssues against the SARIF file only shows Low severity items.

      I've attached a sanitized SARIF file with my file paths removed, but it's still valid per the validator above.

      This is running in a pipeline, using the following recordIssues command:

      recordIssues(aggregatingResults: true, skipPublishingChecks: true, blameDisabled: true, filters: [excludeFile('.*\\/test\\/.*')], tool: sarif(id: 'Security_Code_Scan', name: 'Security Code Scan', pattern: '*.sarif'))
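
To check which levels a SARIF file really carries before comparing them with what Warnings NG displays, the following added example (not from the reporter or the plugin) tallies the effective level of every result under the SARIF 2.1.0 defaulting rules. The sample document, its rule ids and the level-to-severity mapping are assumptions made for illustration, and invocation-level configuration overrides are ignored.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 sample (not the attachment from this issue).
SAMPLE = json.loads("""{"version": "2.1.0", "runs": [{
  "tool": {"driver": {"name": "ExampleScanner", "rules": [
    {"id": "EX0001", "defaultConfiguration": {"level": "error"}},
    {"id": "EX0002"}]}},
  "results": [
    {"ruleId": "EX0001", "level": "note", "message": {"text": "a"}},
    {"ruleId": "EX0001", "ruleIndex": 0, "message": {"text": "b"}},
    {"ruleId": "EX0002", "message": {"text": "c"}},
    {"ruleId": "EX0002", "kind": "pass", "message": {"text": "d"}}]}]}""")

# Assumed mapping, for comparison only; not taken from the plugin's source.
ASSUMED_SEVERITY = {"error": "HIGH", "warning": "NORMAL", "note": "LOW", "none": "LOW"}

def effective_level(result, rules):
    """Resolve one result's level: explicit value, then kind, then rule default."""
    if "level" in result:
        return result["level"]
    if result.get("kind", "fail") != "fail":
        return "none"  # pass, open, review, ... carry no failure level
    idx = result.get("ruleIndex", result.get("rule", {}).get("index", -1))
    if 0 <= idx < len(rules):
        rule = rules[idx]
    else:  # fall back to matching the rule by id
        rule = next((r for r in rules if r.get("id") == result.get("ruleId")), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def level_histogram(doc):
    """Count effective levels across all runs of a parsed SARIF document."""
    counts = Counter()
    for run in doc.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        for result in run.get("results") or []:
            counts[effective_level(result, rules)] += 1
    return counts

def expected_severities(doc):
    """Translate the level histogram through the assumed severity mapping."""
    out = Counter()
    for level, n in level_histogram(doc).items():
        out[ASSUMED_SEVERITY.get(level, "LOW")] += n
    return out

if __name__ == "__main__":
    print(level_histogram(SAMPLE), expected_severities(SAMPLE))
```

If the histogram contains `error` or `warning` entries while the report shows only Low, the downgrade is happening after the file was written, not in the scanner's output.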
      

            drulli Ulli Hafner
            jstutts Josh Stutts