-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
Jenkins 2.332.1
Warnings Next Generation Plugin Version 9.11.1
Analysis Model API Plugin Version 10.9.3
I'm using a couple different static analysis tools, both of which produce valid SARIF files according to https://sarifweb.azurewebsites.net/Validation
The SARIF files contain issues with their level set to "note", "warning", and "error", but the output from Warnings NG after running recordIssues against the SARIF file only shows Low severity items.
I've attached a sanitized SARIF file with my file paths removed, but it's still valid per the validator above.
This is running in a pipeline, using the following recordIssues command:
recordIssues(aggregatingResults: true, skipPublishingChecks: true, blameDisabled: true, filters: [excludeFile('.*\\/test\\/.*')], tool: sarif(id: 'Security_Code_Scan', name: 'Security Code Scan', pattern: '*.sarif'))
- links to
[JENKINS-68079] SARIF Issue Severity Always Low
Josh Stutts
created issue -
| Component/s | New: analysis-model [ 23523 ] | |
| Component/s | Original: warnings-ng-plugin [ 24526 ] |
Josh Stutts
made changes -
| Attachment | Original: security-scan.sarif [ 57496 ] |
Josh Stutts
made changes -
| Attachment | New: security-scan.sarif [ 57497 ] |
Josh Stutts
made changes -
| Attachment | New: Screen Shot 2022-03-18 at 4.35.24 PM.png [ 57498 ] |
| Remote Link | New: This issue links to "tomasbjerre/violations-lib#144 (Web Link)" [ 27495 ] |
| Remote Link | New: This issue links to "PR #774 (Web Link)" [ 27496 ] |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Open [ 1 ] | New: Fixed but Unreleased [ 10203 ] |
| Released As | New: https://github.com/jenkinsci/analysis-model/releases/tag/v10.9.4 | |
| Status | Original: Fixed but Unreleased [ 10203 ] | New: Resolved [ 5 ] |